Hello,

One of my dedicated server's root access has been compromised due to which i could not SSH the server. How should i troubleshoot this issue ? Kindly suggest.
Could you please suggest me probable troubleshooting steps which i could follow on server to resolve this issue ?

Regards,
Linux Admin

Not being able to SSH into a server can have many reasons ranging from fat fingering auth to wrong (re)configuration or access restrictions to the server being overloaded or service or server or network unavailability. Check network and service availability and if the machine is remotely monitored check that and its log / alerts first. Next check if the machine can be reached over a remote console (DRAC, iLO or IPMI) or web-based management panel to restart the SSH service or do first recon using the CERT Intruder Detection Checklist.

*If you however tried to convey you found out the machine was compromised earlier or in a different way then you should have been much, much clearer about it and follow the same checklist and give us more nfo.

For the sake of efficiency I expect your next reply to be complete and verbose, listing the steps you took and relevant stdout / stderr output etc, etc.

Do you can ssh using any other user?if you can then there is no problem with SSH.
1.check ssh config where /etc/ssh/sshd_and configuration PermitRootLogin is no.If that is yes or commented then seems like your root password has been changed.Then go to run level 1 in boot time and reset the password.

Anyway you have to log terminal machine itself to do these all..