[SOLVED] how to enable ssh on boot instead of login
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hi, I am running Slackware on a very old laptop and I want to use it remotely, though I am running a full install just to avoid any problems. When every I want to connect to this laptop via ssh I have to login to an account, if I don't I get an error saying the connection timed out. How can I set sshd to run on boot instead of login?
Hi, I am running Slackware on a very old laptop and I want to use it remotely, though I am running a full install just to avoid any problems. When every I want to connect to this laptop via ssh I have to login to an account, if I don't I get an error saying the connection timed out. How can I set sshd to run on boot instead of login?
Usually you have both local login and sshd running. It is all controlled by the init system which on Slackware is configured by /etc/inittab.
I wouldn't recommend it, but if you really want to disable local login you can comment out the c1 - c6 agetty lines from /etc/inittab.
/etc/inittab also controls which startup scripts to run at different runlevels. Usually your computer is booted to a multi user runlevel which calls /etc/rc.d/rc.M and that script will call /etc/rc.d/rc.inet2 to start different network services. One of those network services is sshd which is started by a call to /etc/rc.d/rc.sshd.
The configuration of sshd is done by the file /etc/ssh/sshd_config
It is possible to configure sshd to allow root login, but it is really better to add some normal user account to the machine and use that account for your everyday work regardless if you login at the local console or by ssh.
The 'sshd' daemon should be started at boot already, via /etc/rc.d/rc.sshd, as long as its executable. It gets started via rc.M and rc.inet2 as henca mentioned.
It sounds more like your laptop is going to sleep/suspend in between sshd sessions, and you are having to wake it by physically logging in. You could try disabling suspend and possibly switching off the display if you want to keep it up and running.
I did that with an old macbook pro with a bad graphics card to run it as a "server" once. You can also disable the lid suspend so it can be closed and you dont have to worry about the cat walking over the keys.
Speaking of SSH keys, as I am not a servers Guru, lazy me uses the following script to setup a pair of keys.
Code:
#!/bin/sh
echo
echo This script will help you setup ssh public key authentication.
host=dummy
while [ -n "$host" ]; do
echo -n "SSH server: "
read host
if [ -n "$host" ]; then
echo -n "user[$USER]: "
read usr
if [ -z "$usr" ]; then
usr=$USER
fi
echo "Setting up RSA authentication for ${usr}@${host}..."
if [ -f ~/.ssh/id_rsa.pub ]; then
echo "RSA public key OK."
else
ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
fi
scp ~/.ssh/id_rsa.pub ${usr}@${host}:~/
ssh ${usr}@${host} "if [ ! -d ~/.ssh ]; then
mkdir ~/.ssh
fi
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys
rm ~/id_rsa.pub"
echo
echo "You should see the following message without being prompted for anything now..."
echo
ssh ${usr}@${host} "echo !!! Congratulations, you are now logged in as ${usr}@${host} !!!"
echo
echo "If you were prompted, public key authentication could not be configured..."
echo
echo "Enter a blank servername when done."
echo
fi
done
echo "End of configuration."
I do not remember where I found this script (its name is lussh), but it works well and after the keys setup, usually I block the password login at all - it's full of script kiddies where I live.
Last edited by LuckyCyborg; 06-20-2022 at 06:04 PM.
I am also not clear regarding the question being asked.
Once the system is up, you can log in via the console. Any account, including root. Security is provided by limiting physical access to the keyboard.
Once the system is up, and sshd is active, you can connect remotely using ssh. By design (I'm not sure how this is configured), you can connect using only a regular account. This excludes root. This is for security. So, to work with root remotely, you need to log in using a regular account, then su to root. That prevents people from trying to hack into root remotely.
This is normal. Are you asking if there is a way to change the behaviour of sshd so that it will allow a login using root? Probably harmless if you are only on a LAN where you or a trusted few can get remote access, but a Bad Idea with WAN exposure.
lazy me uses the following script to setup a pair of keys.
As part of the openssh installation, there is also a script called ssh-copy-id to copy public ssh-keys to another machine. Running this script will require that you give your password to the other machine in lack of existing public keys, but once the script has been run you can login with public keys instead of passwords.
By this I don't mean that LuckyCyborg should replace his well working script which also creates the public and private key pairs, I only mean that if some readers find it messy to install an extra script they already have a script installed which does at least some of the job.
By design (I'm not sure how this is configured), you can connect using only a regular account. This excludes root.
This is configured using the PermitRootLogin parameter in /etc/sshd_config. Unless you really know what you are doing, keeping its default value is really recommended.
I have changed the value of PermitRootLogin on a machine living in a secure network. Someone took that machine and moved it to a network connected to internet and with a public IP address. It took less than 30 minutes before the machine got rooted.
There are continuous attempts to access machines using the ssh protocol. This is from the log file of a raspberry pi connected to internet:
Code:
Jun 21 06:43:31 igor sshd[26721]: Failed password for invalid user bhuang from 118.187.8.36 port 60946 ssh2
Jun 21 06:43:31 igor sshd[26721]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:45:01 igor sshd[26723]: Invalid user nN from 118.187.8.36
Jun 21 06:45:01 igor sshd[26723]: input_userauth_request: invalid user nN [preauth]
Jun 21 06:45:01 igor sshd[26723]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:45:01 igor sshd[26723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:45:03 igor sshd[26723]: Failed password for invalid user nN from 118.187.8.36 port 50338 ssh2
Jun 21 06:45:03 igor sshd[26723]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:46:31 igor sshd[26725]: Invalid user vme from 118.187.8.36
Jun 21 06:46:31 igor sshd[26725]: input_userauth_request: invalid user vme [preauth]
Jun 21 06:46:31 igor sshd[26725]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:46:31 igor sshd[26725]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:46:33 igor sshd[26725]: Failed password for invalid user vme from 118.187.8.36 port 39734 ssh2
Jun 21 06:46:33 igor sshd[26725]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:48:03 igor sshd[26728]: Invalid user karry from 118.187.8.36
Jun 21 06:48:03 igor sshd[26728]: input_userauth_request: invalid user karry [preauth]
Jun 21 06:48:03 igor sshd[26728]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:48:03 igor sshd[26728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:48:05 igor sshd[26728]: Failed password for invalid user karry from 118.187.8.36 port 57364 ssh2
Jun 21 06:48:05 igor sshd[26728]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:49:42 igor sshd[26730]: Invalid user namwildfly from 118.187.8.36
Jun 21 06:49:42 igor sshd[26730]: input_userauth_request: invalid user namwildfly [preauth]
Jun 21 06:49:42 igor sshd[26730]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:49:42 igor sshd[26730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:49:45 igor sshd[26730]: Failed password for invalid user namwildfly from 118.187.8.36 port 46758 ssh2
Jun 21 06:49:47 igor sshd[26730]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:51:11 igor sshd[26732]: Invalid user tlcorecs from 118.187.8.36
Jun 21 06:51:11 igor sshd[26732]: input_userauth_request: invalid user tlcorecs [preauth]
Jun 21 06:51:11 igor sshd[26732]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:51:11 igor sshd[26732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:51:12 igor sshd[26732]: Failed password for invalid user tlcorecs from 118.187.8.36 port 36152 ssh2
Jun 21 06:51:12 igor sshd[26732]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:52:48 igor sshd[26734]: Invalid user marietjie from 118.187.8.36
Jun 21 06:52:48 igor sshd[26734]: input_userauth_request: invalid user marietjie [preauth]
Jun 21 06:52:48 igor sshd[26734]: pam_unix(sshd:auth): check pass; user unknown
Jun 21 06:52:48 igor sshd[26734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.187.8.36
Jun 21 06:52:50 igor sshd[26734]: Failed password for invalid user marietjie from 118.187.8.36 port 53780 ssh2
Jun 21 06:52:50 igor sshd[26734]: Received disconnect from 118.187.8.36: 11: Bye Bye [preauth]
Jun 21 06:59:46 igor sshd[26736]: Connection closed by 179.60.147.74 [preauth]
Jun 21 06:59:47 igor sshd[26738]: Connection closed by 179.60.147.74 [preauth]
Jun 21 07:31:53 igor sshd[25627]: fatal: Read from socket failed: Connection reset by peer [preauth]
Jun 21 07:32:00 igor sshd[25631]: Accepted publickey for henca from 192.168.17.2 port 61970 ssh2
In total more than 48000 different IP addresses has failed to connect by ssh to that raspberry pi.
I'm not clear about your question. Do you mean after the laptop has went to sleep/suspend?
this is when I turn on the computer and have the lid still open. I already set the computer to ignore the lid, through a user account. These are the steps I go through:
boot the laptop;
login to a non root account, lets call it USR;
close laptop lid;
on my other computer run ssh USR@192.168.0.***;
use the laptop through ssh.
what I am trying to do is remove step 2. Even with the lid open and looking at the login screen I cannot ssh into my laptop. My only conclusion is that sshd isn't started. I only use this computer in my home router, though I do plan on disabling passwords via ssh when I have this sorted out. Also if login to root via ssh were enabled, I'd disable it immediately after installing the OS
I think your laptop is in sleep mode when you close the lid. Maybe you can disable elogind power management handler by editing /etc/elogind/logind.conf in power/lid/suspend/hibernation section, set the value to ignore and then restart elogind or reboot.
This is configured using the PermitRootLogin parameter in /etc/sshd_config. Unless you really know what you are doing, keeping its default value is really recommended.
I have changed the value of PermitRootLogin on a machine living in a secure network. Someone took that machine and moved it to a network connected to internet and with a public IP address. It took less than 30 minutes before the machine got rooted.
There are continuous attempts to access machines using the ssh protocol. This is from the log file of a raspberry pi connected to internet:
<<snip>>
Yes ... This is why, in addition to IP Tables, I also set up my /etc/hosts.allow like the file below my sig.
-- kjh
Code:
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
# 192.168.0. - Lab LAN
# 192.168.1. - ATT LAN
# 172.16.116. - vmnet1
# 192.168.154. - vmnet8
#
ALL : 127.0.0.1 : ALLOW
ALL : [::1] : ALLOW
ALL : 192.168.0. : ALLOW
ALL : 192.168.1. : ALLOW
ALL : 172.16.116. : ALLOW
ALL : 192.168.154. : ALLOW
#
# last rule must have a newline so keep the final rem-line !
ALL : ALL : DENY
#
Shot in the dark : sshd is ok but network isn't up ?
Good shot, I think. I scanned the IPs on my network before logging in to an account (via slackware GUI) and I couldn't fine my laptop. After I logged into my usr account I was able to scan and find the laptop's IP address. So while on the login screen the laptop is not connected. How can I set the networkmanager to login on boot?
How can I set the networkmanager to login on boot?
I have never used networkmanager, instead I usually configure network settings by /etc/rc.d/rc.inet1.conf . Those settings will get applied by /etc/rc.d/rc.inet1 at boot, no need for anyone to login to get network working.
On laptops which connect to different networks I have used wicd instead of settings in rc.inet1.conf, then there will be not network connection until a user logs in and selects which network to connect to.
ok, I managed to get NetworkManager to start on boot following this post on LinuxQuestions.org. it was basically running chmod +x /etc/rc.d/rc.networkmanager. However I still cannot detect my laptop, so I logged as root using ctrl +alt+f2 and checked NetworkManagers status and it is running just not connected. Via the gui I logged on as root went to the connections tab in the system settings found my network and checked "all users may connect to this network" however after rebooting the laptop still does not connect to my wifi.
edit:
ok I made it work other than checking "all users may connect to this network" I also had to go to the connection's security tab and set: "Store password for all users (not encrypted)" basically following the steps in ArchWiki. Now I no longer have to login to an account to connect via ssh. I dont know how safe Store password for all users (not encrypted) is but since I only allow logging in via ssh using keys I dont think I'll have may problems.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
