LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware > Slackware - ARM
User Name
Password
Slackware - ARM This forum is for the discussion of Slackware ARM.

Notices


Reply
  Search this Thread
Old 09-03-2015, 04:46 PM   #1
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Last night upgrades can no longer login


I ran slackpkg update and upgrade-all last night and now I can no longer login to either of my Raspebrry Pi's, they both tell me my password is wrong? Is there a way to log in now and recover?
 
Old 09-03-2015, 05:47 PM   #2
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 6,316

Rep: Reputation: Disabled
Use single user mode.
 
Old 09-03-2015, 06:01 PM   #3
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
I'd have to buy a monitor, both I setup headless.
I did find that I can ssh in via another account and su to root without issues on one, which makes me think a config file changed (IIRC thats a setting in SSH). So I can get in one but the other I don't have another account to use.
I'm wondering why the SSH setting would have changed.

Config file looks like this:
Code:
#PermitRootLogin yes
I bet they changed the default in ssh so if the setting is not specified (as above where its commented out) it now defaults to no.

Last edited by enine; 09-03-2015 at 06:44 PM.
 
Old 09-04-2015, 03:40 AM   #4
drmozes
Slackware Contributor
 
Registered: Apr 2008
Location: Surrey, England
Distribution: Slackware
Posts: 854

Rep: Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642
Quote:
Originally Posted by enine View Post
I'd have to buy a monitor, both I setup headless.
I did find that I can ssh in via another account and su to root without issues on one, which makes me think a config file changed (IIRC thats a setting in SSH). So I can get in one but the other I don't have another account to use.
I'm wondering why the SSH setting would have changed.

Config file looks like this:
Code:
#PermitRootLogin yes
I bet they changed the default in ssh so if the setting is not specified (as above where its commented out) it now defaults to no.
I don't know which version of sshd you upgraded from, but the version (7.0p1) prior to the latest batch (7.1p1), has this default according to the man page of sshd_config:

Code:
   PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument must be ``yes'', ``prohibit-password'', ``without-password'', ``forced-commands-only'', or ``no''.  The
             default is ``prohibit-password''.
So if you had 'PermitRootLogin yes' commented out as you have shown above, I'm not sure how you logged in as root to begin with.
Also, if the /etc/ssh/sshd_config file is different from the incoming version in the new package you're upgrading to, it'll move the incoming version to sshd_config.new. Therefore if you had an sshd_config that did allow you to explicitly login as root, you'd still be able to do so.

As for fixing it - can't you boot in to the installer using the serial console?
 
Old 09-04-2015, 05:20 AM   #5
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Thats the only thing I can thing of that is preventing it. I see its commented out in both the original and .new config file. I wonder if there was a bug in the old version and it was allowing even if it was commented out. I didn't change that from the Slackware install.
 
Old 09-04-2015, 02:23 PM   #6
Penthux
Member
 
Registered: Dec 2008
Location: Middlesbrough, UK
Distribution: Slackware
Posts: 264

Rep: Reputation: 74
Quote:
Originally Posted by enine View Post
Config file looks like this:
Code:
#PermitRootLogin yes
I never allow root to login remotely on any of my Slackware systems.

Couldn't you just mount the sd card partitions on the rpi that is allowing you to login and edit the sshd_config file that way?
 
Old 09-04-2015, 02:35 PM   #7
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Yea, I just don't want to hard shutdown the other one, mysql tends to not like that
 
Old 09-05-2015, 04:16 AM   #8
drmozes
Slackware Contributor
 
Registered: Apr 2008
Location: Surrey, England
Distribution: Slackware
Posts: 854

Rep: Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642
Quote:
Originally Posted by enine View Post
Thats the only thing I can thing of that is preventing it. I see its commented out in both the original and .new config file. I wonder if there was a bug in the old version and it was allowing even if it was commented out. I didn't change that from the Slackware install.
It's possible but unlikely - I expect that someone would have noticed if they could login as root without the config being set.
If you find out what it is, let me know since we want to try and avoid these kinds of problems during the upgrade from 14.1 to 14.2. Pat's going to make some changes to the doinst.sh script to try and aid the transition, but I don't think it'd have caught whatever this problem is.
 
Old 09-05-2015, 05:18 PM   #9
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Old sshd_config dated 12/9/2014

Code:
#	$OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox		# Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
New sshd_config dated 8/12/2015
Code:
#	$OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Ciphers and keying
#RekeyLimit default none

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox		# Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server
Notice the PermitRootLogin is commented in both but I was able to login before. I do see the comments at the top of the new file says the options listed and commented are the defaults and that they added prohibitpassword in the .new file which implies that is the default now.
Well their bsd sshd man page says the default is No.

Hey, I'm not completely crazy after all

Quote:
Changes since OpenSSH 7.0
=========================

This is a bugfix release.

Security
--------

* sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
prohibit-password/without-password that could, depending on
compile-time configuration, permit password authentication to
root while preventing other forms of authentication. This problem
was reported by Mantas Mikulenas.
http://www.openssh.com/txt/release-7.1

Looks like we had 6.7 before looking at my last -current download. Maybe there were more changes prior, it tells me at very least they were fscking with that portion.

Last edited by enine; 09-05-2015 at 05:31 PM.
 
Old 09-05-2015, 06:07 PM   #10
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Quote:
Originally Posted by drmozes View Post
let me know since we want to try and avoid these kinds of problems during the upgrade from 14.1 to 14.2.
Wait, did we just get a hint as to the next release of Slackware being 14.2?

No 14.42 to follow in 13.37's footsteps huh?
 
Old 09-06-2015, 12:43 PM   #11
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242
Uh! oh! That PermitRootLogin option made me out of my OrangePI cutie, too...

I was forced to mount the harddisk in a PC and to edit by hand that option.

BTW, OrangePI works very similar with BananaPI, having as plus, the native VGA output. A very useful thingy considering that I use for it a cheap and so old 15" LCD monitor, with native resolution of 1280x720 (that's normal HD, if I remember right).
 
Old 09-06-2015, 01:19 PM   #12
drmozes
Slackware Contributor
 
Registered: Apr 2008
Location: Surrey, England
Distribution: Slackware
Posts: 854

Rep: Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642Reputation: 642
Quote:
Originally Posted by Darth Vader View Post
Uh! oh! That PermitRootLogin option made me out of my OrangePI cutie, too...

I was forced to mount the harddisk in a PC and to edit by hand that option.

BTW, OrangePI works very similar with BananaPI, having as plus, the native VGA output. A very useful thingy considering that I use for it a cheap and so old 15" LCD monitor, with native resolution of 1280x720 (that's normal HD, if I remember right).
*laughs* Slow news day on LQ, I take it? :-)
Your posts make me laugh.

As for 14.2 as for the version, yes.
 
Old 09-06-2015, 01:45 PM   #13
Darth Vader
Senior Member
 
Registered: May 2008
Location: Romania
Distribution: DARKSTAR Linux 2008.1
Posts: 2,727

Rep: Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242Reputation: 1242
BTW, I have two 10" netbooks, one is a WM8650, another a WM8850. Also a Cubieboard2 (Allwinner-A20), a BananaPI and one OrangePI. In those I have managed to run Slackware ARM. To be precise, using the Android kernels and modules, "borrowed" from their original Android systems. In fact, that's my principle: use the Android kernels, if possible. Right now, only BananaPI run your shipped kernel, being used as a file-server.

Also, I have another 9" WM8880 netbook, and some TV boxes, one is RK3066, another is RK3188, which I has with not luck to run Slackware on them, and I use them, literally, as Android TV boxes, i.e. the MK808B (RK3066 driven) I use as secondary (Android) system, to watch movies and series, from a 3.5" 1TB external hard disk enclosure, on a 24" monitor.

Finally, right now I have some plans to buy an OrangePI Plus.

I wonder what make you to *laught* ...

Last edited by Darth Vader; 09-06-2015 at 02:10 PM.
 
Old 09-06-2015, 02:44 PM   #14
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackware 14.2, SlackwareArm-current
Posts: 1,217

Original Poster
Blog Entries: 4

Rep: Reputation: 183Reputation: 183
Quote:
Originally Posted by drmozes View Post

As for 14.2 as for the version, yes.
So when will it release???


And yes it was a simple matter to put my drive in another system and uncomment the line in the config, I just didn't want to have to yank the power from my Pi, mysql usually doesn't like that.
 
Old 09-08-2015, 01:14 PM   #15
gus3
Member
 
Registered: Jun 2014
Distribution: Slackware (x86 and ARM)
Posts: 205

Rep: Reputation: Disabled
I got bit by that, too. OpenSSH no longer allows remote root login by default, although you can to a non-root remote login and then "su" to get root privs. And, philosophically and as a matter of security, it's the right thing to do anyway.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Upgraded to 13.1 and can no longer login to X damgar Slackware 1 05-25-2010 08:52 PM
Login name longer that 8 signs ? czezz Solaris / OpenSolaris 2 07-06-2008 01:17 AM
New User, Can no longer login Salad Shooter Slackware 6 07-17-2005 10:55 PM
Can no longer login.. TotalLinuxNoob Linux - General 1 05-14-2005 12:24 PM
No longer able to login in GUI mode marvc Linux - Newbie 4 08-22-2002 06:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware > Slackware - ARM

All times are GMT -5. The time now is 06:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration