Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi Guys, thanks for the reply, and this is a test environment that I am setting up for some RND and I ran in to this totally screw up! even I tried even with sentos 7 same thing same settings. But my lap is running Fedora 20 and all I had to do was disable selinux and in one Oracle linux 7 installation it had to be permissive, with out setting any of the above settings in sshd_conf.
I cant put my fingure on this, it seems every time it is some what deterrent setting got the things going.
You might consider logging. ssh features several levels of verbosity both on the client and the server side.
The ssh client has options -v, -vv, -vvv, and so on (I don't know where it stops). Three v's are sufficient to give you a whole short story to analyse.
On the server side, you can run sshd with -v as well if I remember correctly. You can also run additional sshd processes on ports other than 22.
Hi I have upgraded OS to 22 and debugging gave me below info
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this
Hi I have upgraded OS to 22 and debugging gave me below info
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
it seems there is somekind of a restriction on the uid (least it looks like), how do I go about fixing this
Again, there is nothing to 'fix'...this is disabled FOR GOOD REASON...logging in as root is a BAD IDEA, and always will be.
You can stop the ssh service on your machine, and run "/usr/sbin/sshd -D -d" to get some details. Could be a permissions issue, but as others have asked (but you didn't answer), did you restart sshd after changing the permitrootlogin value???
TB0ne, thank you for the reply and yes I have restered the service as well as the server it self and by enabling I I have only got what is written in to the secure log with some additional information that was nice and I only pasted what I though would be relevant for diagnosing
I am sorry if I have not answered acknowledge of your valuable time on helping me, but I though I have. I have been with you and this network for a quite a while and I do deeply appreciate you and this network which has provided me with much wanted help at time I was dead stuck as well as in some lame question that I might have asked. Thank you all!!!!
As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped.
pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<veeam-server> user=root
pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
PAM is the framework that allows fine-grained control of the login process. It's configured in /etc/pam.d; the error message indicates you should look at auth clauses in the file /etc/pam.d/sshd.
As I have mentioned this is a test environment, and needed root level access to do some configuration and testing. But now it looks like there is some setting or some de or reconfiguration that we need to do to enable root level access from FC 20, Centos 7, redhat 7 and Oracle linux 7 (on the other hand all bistros are the same ). I've just got this installed needs to play with it and see if the same persist. But as per one of my colleague he has to set selinux to permissive for ssh as root to work. None of the good help did helped.
Again, it doesn't matter if this is test or not...logging in as root is a PLAIN BAD IDEA, PERIOD. As jpollard, you need to get used to working WITH security, rather than fighting it. All you're going to wind up doing is making things harder for yourself later. The scripts/procedures you develop in your 'test' system will be written to AVOID security, and probably won't work correctly in a production environment.
Want root access? Simple...log in as your regular user, type in "su - " or "sudo -s", and there you go. Simple. Works the same on any system.
Thank you all for the replies appreciate all and sorry for the late reply! Guess I have to go with su -, but I really would like to know what stopping root from ssh in to a machine
Ssh has options to enable it, and strongly recommends against doing so. But if the security design of the system disallows it, then that won't allow it either.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.