Cannot login through local console
HI,
I have got a problem with my login. I am not able to login through local console or ssh to my machine. In sshd_config file, i have changed the port no. Used DenyUsers, DenyGroups, AllowUsers and blocked the root login. I also used the /etc/hosts.allow to deny some domains, sshd: .hinet.net deny I tried to take backup using this command tar -zcvpf /archive/full-backup-`date '+%d-%B-%Y'`.tar.gz \ --directory / --exclude=mnt --exclude=proc --exclude=var/spool/squid but it never worked. Now i am not able to login to my machine through ssh or local console. In local console when logging in, it falls back to the login screen saying "Authentication Failure" in a flash. Please help me get out of this soup. Thanking you all in advance. |
It's not a good idea to create a tar file of / under /archive, because /archive is located under /
It your disk full now? |
regarding problem tcp wrappers
try to use /etc/hosts.deny
and block domains by putting value in it sshd: abc 192.168.1. def // it will block abc and ip 192.168.1. ans def // its easy to understand |
i am not able to login to my machine through ssh or local console. In local console when logging in, it falls back to the login screen saying "Authentication Failure" in a flash.
|
Is /archive a mounted network directory or on your filesystem. I think the notion that your filesystem might be full may be correct. You may need to boot up with a live distro, and examine the filesystem that way. You an also double check your /etc/hosts.allow & /etc/hosts.deny files and maybe temporarily undo some of your changes. In the very least, you can read the log file to see why authentication failed.
However, in the future, if you make authentication changes as you have, it is a good idea to be logged in to a local vt and try logging in on a different one. Then if your test fails, you can undo the changes to login again. For changes made remotely, having an active ssh connection and testing making a new connection would be a good idea as well. Don't feel too bad however. I read that locking out all logins is something every system admin has done once. It is very easy to do if you modify the pam configurations. The AllowUsers entry in /etc/sshd_config takes precedence over DenyUsers, so you just need AllowUsers (and disable root logins) to deny all other regular users & system users. |
RE
Thanks for ur comment. I am afraid that if the file system is corrupted then the system will not boot up. How can i check the integrity of my file system and if corrupted how can i restore it, without losing all my other configurations. Can i access the configuration files from rescue mode or single user mode ? Please give me a suggestion.
|
Quote:
Quote:
/sbin/shutdown -rF now The system will reboot, and run fsck as it comes up. But I do not think your filesystem is "corrupted". I think it is "full". See Agrouf's post at #2 in this thread. |
Re
Thanks for ur comment. Do i need a bootup disk to get into Single User Mode? How can i get in to Single user mode? How can i edit the hosts.allow file from the single User mode? Please give me a suggestion.. Thanking you in advance.
|
Quote:
To boot to Rescue ("Single user") mode press the down arrow to select "Rescue Mode" (before grub times out and boots the default, you might have to be quick!), then press return. Quote:
And anticipating the next Q: How do you exit single user mode? Code:
shutdown -r now |
Re
Thanks alot for that comment. Do i need to check my filesystem before editing any conf files? If so how to do it? Also there are only a handful of commands we can use at Single User Mode, is vi available?
vi /etc/hosts.allow, vi /etc/sshd_config Will these commands run at Single user mode? Can we edit and save the changes using ESC:wq as usual? I only saw pico command at single user mode. If thatz the only way then how to work with that command? Thanking you in advance .... |
vi is the default editor for Unix/Linux... it'll be there ... and that's why I always recommend people have a basic knowledge of vi, even if they hate it and prefer gedit or something.
|
All times are GMT -5. The time now is 01:23 AM. |