can't login using ssh (via Putty) remotely

blinton25 · 05-24-2007, 07:02 PM

Hello,

I can't login as root using SSH (Putty) remotely. I keep getting an access denied message.

I thought I was typing the password wrong but when I go to the physical machine I can login using ssh or su.

The distribution is ubuntu.

Any idea why this might be happening?

manwichmakesameal · 05-24-2007, 07:03 PM

Does the other machine that you're logging into allow root ssh logins? Personally, I wouldn't allow it. Can you ssh as a normal user? If so, just su from a normal user account.

jschiwal · 05-24-2007, 07:03 PM

Log in as a regular user and then use sudo to run root commands.
Ubuntu has disabled root logins. Even if they didn't, you should always disable root logins for ssh.

dxqcanada · 05-24-2007, 07:09 PM

By default an OpenSSH server has Allow Root Login disabled.

Better for security.

/etc/ssh/sshd_conf

Braynid · 05-24-2007, 07:14 PM

Quote:

Originally Posted by dxqcanada

/etc/ssh/sshd_conf

I think you've got the idea by now, I just want to stress that, after you login as a regular user with sudo access, you should run

Code:

sudo su -

to become root. Then you can alter SSHD options that you can find in '/etc/ssh/sshd_conf'. As everybody is saying, it's not a great idea to allow root to login remotely.

Cheers

jschiwal · 05-24-2007, 11:49 PM

Ubuntu doesn't allow su'ing directly to root by default. Root account logins are disabled. You need to use sudo.

blinton25 · 05-25-2007, 05:32 AM

Thanks a lot. When I create the new user (adduser) are there any arguments that I need to specify for ssh?

Braynid · 05-25-2007, 10:16 AM

Not necessarily. If you just add a user ssh login is enabled by default.

Xeratul · 05-25-2007, 11:00 AM

check the sshd_config in the /etc/ssh and the port concerned

then /etc/init.d/ssh restart

=======================
it should work.

If it s again a bug from ubuntu, please report it via
sudo apt-get install reportbug nano
reportbug and follow the procedure

Enjoy

jschiwal · 05-25-2007, 07:59 PM

Dictionary attacks will target system user accounts and root account.
If only a handful of users are authorized to log into the machine using ssh, you can add their names to "AllowUsers" in /etc/ssh/sshd_config. This will disallow other logins including by system users. This is a quick and easy way to lock down ssh. One other thing to consider is to only allow the ssh-2 protocol. By default, if ssh-2 fails ssh-1 is tried. Ssh-1 has some problems so hackers will try to login with this protocol.

Xeratul · 05-26-2007, 04:09 AM

Quote:

Originally Posted by jschiwal

Dictionary attacks will target system user accounts and root account.
If only a handful of users are authorized to log into the machine using ssh, you can add their names to "AllowUsers" in /etc/ssh/sshd_config. This will disallow other logins including by system users. This is a quick and easy way to lock down ssh. One other thing to consider is to only allow the ssh-2 protocol. By default, if ssh-2 fails ssh-1 is tried. Ssh-1 has some problems so hackers will try to login with this protocol.

How to increase security with a SSHd listening to either port 80 or 8080 ? Is this Secured or Mad ?

blinton25 · 05-27-2007, 01:17 AM

Ok, I was able to get in, thanks.