Unable to login as root in ssh [Archive] - The FreeBSD Forums


ashvinsivram
April 27th, 2009, 08:18
Hi All,

I am unable to login as root when I am using ssh to this FreeBSD 7.1 server. Already configured the /etc/ssh/sshd_config, still the issue persists. I am able to login on the local machine but not from the remote computer.


Please help!!

Thanks & Regards,

Ashwin

gilinko
April 27th, 2009, 08:53
Have you restarted the sshd server(/etc/rc.d/sshd restart) after you made the configuration changes?

And just to be on the safe side: enabling root to login via ssh is "a bad thing"(tm).

ale
April 27th, 2009, 09:13
You should login as normal user then use su - or sudo.

mousaka
April 27th, 2009, 11:58
There is an option PermitRootLogin in sshd_config to allow login for root. But I strongly recommend not to use this for security reasons.
Instead use su or sudo as already mentioned by ale.

mousaka

ashvinsivram
April 27th, 2009, 12:37
Yes, I have restarted the sshd (/etc/rc.d/sshd restart) and have no plans to use su in FreeBSD. Previously I have configured some file like (/etc/local) not sure, was working fine before. I am able to ssh from localhost, not from other units.

SirDice
April 27th, 2009, 13:22
Which openssl are you running? The one in the base OS? Or the one installed via a port/package?

DutchDaemon
April 27th, 2009, 13:30
Openssl?

DutchDaemon
April 27th, 2009, 13:32
What does 'not being able to login' look like? No connection to the server, or endless username/password questions?

BTW, 'not planning to use su' is saying goodbye to one of the most important security features in FreeBSD. Don't come asking for help when someone grabs root on your machine.

ashvinsivram
April 27th, 2009, 13:44
First of all I want to say Thanks to all, for the quick reply!!!:)


I didn't install openssh. I am using the one that was installed by the OS.

Regards,

Ashwin

DutchDaemon
April 27th, 2009, 13:54
The sshd installed by the OS is OpenSSH.

phoenix
April 27th, 2009, 16:30
First, don't do this. :) Never login directly as root across a network connection.

Second, you really don't want to do this. :D

Third, if, for some bizarre reason, you are absolutely sure you want to do this, and give up one of the most important security features of the OS, then edit /etc/ssh/sshd_config, enable the PermitRootLogin option, then run /etc/rc.d/sshd reload to activate the change. Check the output of netstat -an|grep 22 to make sure it's running and LISTENing. Then try to connect remotely.

Fourth, you really should look into using SSH keys. Then you can create a key-pair for root, and change the PermitRootLogin option in sshd_config to without-password. That enables root logins via SSH *but only using SSH keys*. Normal password logins are not allowed. It's the least of all evils, if you are bound and determined to use remote root logins.

And, last, you really should not do this. :h

SirDice
April 27th, 2009, 17:20
Openssl?

I meant OpenSSH of course :r

MG
April 27th, 2009, 17:38
What does 'not being able to login' look like? No connection to the server, or endless username/password questions?

BTW, 'not planning to use su' is saying goodbye to one of the most important security features in FreeBSD. Don't come asking for help when someone grabs root on your machine.

What's the difference between a clean root login and a root login (su) from within the shell of a wheel member? You are root after being logged in normally and you are the same root after having done a su command.

anomie
April 27th, 2009, 17:45
What's the difference between a clean root login and a root login (su) from within the shell of a wheel member? You are root after being logged in normally and you are the same root after having done a su command.

Another layer of security: An extra hurdle, more warning signs in the logs, and potentially a lot of extra time for you to detect an attacker.

DutchDaemon
April 27th, 2009, 17:47
The fact that you have to enter a password twice should give something away about security layers .. It buys you that much more time to take action, and the fact that the attacker doesn't know who's in the wheel group before he manages to crack an account will put su out of reach if he didn't get it right the first time. Three layers (account -> wheel -> su), even more time.

anomie
April 27th, 2009, 18:07
@MG: I also forgot to add one detail -- everyone knows there is an account called 'root' on a *nix system. Good target for brute force. Not everyone knows there is an account called 'mrbig'. :)

MG
April 27th, 2009, 18:22
All right, I'm starting to get it...
But when I change my root shell to sdkjhfskjh I can't su from another user so the root account is still needed and still needs a shell to be set.
What does work is sudo bash. Then I become root running a bash shell. But the sudo port is needed. Maybe this also works when root does not exist, but I find it a bit risky to try that out. At least a few system processes will complain about that.

ashvinsivram
April 27th, 2009, 19:55
I don't know what you people are talking about??? DutchDaemon was correct...
People Please help me !!!! if you are talking something else please give me reference....

MG
April 27th, 2009, 20:07
Sorry, I got off-topic.
Can you login via ssh with a regular user?
What happens exactly when you try to login via ssh as root?
Does it help if you rename the ~/.ssh dir (where your public keys are stored.)
Do /var/log/messages or /var/log/auth.log on the server say anything?

ashvinsivram
April 27th, 2009, 20:20
Hey Bro,

I am able to login like ssh localhost as root. But I am not able to login from my Ubuntu server...

SirDice
April 28th, 2009, 15:19
Run both the server (sshd on fbsd) and the client (ssh on ubuntu) with the -v switch. The clue why it's not working will be in the logging.

If you can't figure it out yourself, please post those log files. If you don't post them we'll be guessing until next Christmas and it still won't work.

We're good (I know I am :e) but we can't see what's happening on your screen and we can't read your mind.

ashvinsivram
April 28th, 2009, 19:03
Hi SirDice,

I am newbie to this FreeBSD. But last month I had the same issue, but apart from sshd_config I configured some other file. I don't know the exact file name, I remember it's like (/etc/local) something like that, but I remember local... Because, ssh_config will allow the root to login in ssh but there is something which is not allowing me to login in other tty... I hope you understand.. If you want the log file, explain me how to access it, I will post it here..

anomie
April 28th, 2009, 19:43
@ashvinsivram: Looking back at your posts I have to concur that we have next to nothing to go on to (try to) help you. Please clearly answer each of the following:

Are you able to ssh from your Ubuntu box to your FreeBSD server as any user? Is only root having issues?
What are the IP addresses and subnets associated with each box? (Post the output of ifconfig if you are not sure.)
Can you ping from the Ubuntu box to the FreeBSD server?
Is port 22 on the FreeBSD server open to the Ubuntu box? (From the Ubuntu box, run nc -zvw 1 freebsd.ip.here 22 and post the output if you are not sure.)
Are you running a packet filtering firewall on your FreeBSD server? (Post the output of kldstat if you are not sure.)
Is sshd listening on an external interface on the FreeBSD server? (Post the output of sockstat -4l if you are not sure.)


(Once these basics are out of the way, there will probably be more questions.)

tangram
April 28th, 2009, 20:02
You said you were unable to login from a remote computer but could login from the local network...Did you Port Forward SSH's port to target IP address?

MG
April 28th, 2009, 20:18
Hi SirDice,

I am newbie to this FreeBSD. But last month I had the same issue, but apart from sshd_config I configured some other file. I don't know the exact file name, I remember it's like (/etc/local) something like that, but I remember local... Because, ssh_config will allow the root to login in ssh but there is something which is not allowing me to login in other tty... I hope you understand.. If you want the log file, explain me how to access it, I will post it here..

I usually don't say this on a forum, but it looks like you definitely need to read some docs about FreeBSD or UNIX. Configuring sshd without knowing how to read your log files tells me you are learning things in the wrong order. First find your way around in userland, then start configuring and installing things.
If you seriously want to learn FreeBSD, get rid of all your other operating systems and force yourself to get things done in FreeBSD. I did it and it works the best.

/etc/local is not a default FreeBSD directory.

/etc contains config files of the base system and /usr/local/etc contains config files of any installed apps.
Your log files are in /var/log. You can read them with the command cat filename | more or with the ee editor.

Please try to login on ssh and post the last 20 lines of both /var/log/messages and /var/log/auth.log
It would be nice to also post the things Ubuntu says to you when trying to log in.

ashvinsivram
April 29th, 2009, 15:50
anomie: Answering to your questions.

1. Yes, I am able to ssh from your Ubuntu box to your FreeBSD server as normal user.

2. From FreeBSD:
FreeBSD# ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 00:11:09:13:22:d1
inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active

From Ubuntu:

wlan0 Link encap:Ethernet HWaddr 00:16:ea:d6:10:a0
inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::216:eaff:fed6:10a0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2088 errors:0 dropped:0 overruns:0 frame:0
TX packets:2152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1744895 (1.7 MB) TX bytes:363369 (363.3 KB)

3.
ashwin@Ubuntu-laptop:~$ ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.750 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.835 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.829 ms
64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.826 ms
64 bytes from 192.168.1.3: icmp_seq=5 ttl=64 time=0.822 ms
^C
--- 192.168.1.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.750/0.812/0.835/0.040 ms


4.
ashwin@Ubuntu-laptop:~$ nc -zvw 1 192.168.1.3 22
192.168.1.3: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.1.3] 22 (ssh) open
ashwin@Ubuntu-laptop:~$ ssh 192.168.1.3
Password:

5.
FreeBSD# kldstat
Id Refs Address Size Name
1 12 0xc0400000 97f830 kernel
2 1 0xc0d80000 6a2c4 acpi.ko
3 1 0xc3116000 22000 linux.ko
4 1 0xc3393000 6000 i915.ko
5 1 0xc3399000 f000 drm.ko
FreeBSD#

6.
FreeBSD# sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 774 5 tcp4 *:21 *:*
root inetd 774 6 tcp4 *:23 *:*
root inetd 774 8 tcp4 *:513 *:*
root sendmail 745 3 tcp4 127.0.0.1:25 *:*
root sshd 739 4 tcp4 *:22 *:*
root syslogd 590 7 udp4 *:514 *:*
FreeBSD#

ashvinsivram
April 29th, 2009, 16:00
MG:

You are really correct! Thanks for your advice. I am doing the same mistake. I am working on HP-UX. Due to hardware I am unable to use UX at home. So, at home first started with Solaris, then Debian, then FreeBSD, then Ubuntu, now again back to FreeBSD.

Now, I decided as you said "you seriously want to learn FreeBSD, get rid of all your other operating systems and force yourself to get things done in FreeBSD."

SirDice
April 29th, 2009, 16:24
FreeBSD# sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root inetd 774 5 tcp4 *:21 *:*
root inetd 774 6 tcp4 *:23 *:*
root inetd 774 8 tcp4 *:513 *:*
root sendmail 745 3 tcp4 127.0.0.1:25 *:*
root sshd 739 4 tcp4 *:22 *:*
root syslogd 590 7 udp4 *:514 *:*
FreeBSD#
Just a hint, turn off telnet and rsh. Turn off inetd too.

Also add to /etc/rc.conf:

syslogd_flags="-ss"

That will stop syslogd from listening to network syslog messages. It's quite easy to spoof and it will fill up your logs.

anomie
April 29th, 2009, 17:30
@ashvinsivram: OK, now we are getting somewhere.

Now, on the FreeBSD server, run tail -f /var/log/auth.log

Keep that running in a terminal. Next, from the Ubuntu box, try to ssh in as root to the FreeBSD server.

What do you see showing up in auth.log exactly? Please post it here.

ashvinsivram
April 29th, 2009, 19:30
Apr 29 23:56:28 FreeBSD sshd[96241]: Accepted keyboard-interactive/pam for ashwin from 192.168.1.4 port 38118 ssh2
Apr 29 23:56:42 FreeBSD login: pam_acct_mgmt(): authentication error
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: error connecting to D-BUS system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: Scheduling hal init retry
Apr 29 23:57:14 FreeBSD login: 1 LOGIN FAILURE ON ttyp2
Apr 29 23:57:14 FreeBSD login: 1 LOGIN FAILURE ON ttyp2, root


Actually when I type ssh FreeBSD.ipaddress it's not showing me login it's directly asking for password.

anomie
April 29th, 2009, 19:34
From the Ubuntu box, use: ssh root@<freebsd.ip.here>

Try that and repeat the same steps from my last post again (i.e. tail auth.log and post the results).

ashvinsivram
April 29th, 2009, 19:39
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2


Bingo!!!! it's Working...:)

SirDice
April 29th, 2009, 19:40
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: error connecting to D-BUS system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: Scheduling hal init retry
Not related but you don't seem to have dbus running.

This isn't getting us anywhere, too much other crap in the logs x(

Stop the sshd on the fbsd box: /etc/rc.d/sshd stop
Run in a terminal, as root: /usr/sbin/sshd -d

On the Ubuntu box run, as root: ssh -v root@ipaddressfbsdbox

Please post the outputs of both commands..

SirDice
April 29th, 2009, 19:41
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2


Bingo!!!! it's Working...:)
Ok.. What made it work?

ashvinsivram
April 29th, 2009, 19:47
Now, I really somewhat understand the issue. (Please do not scold me)..

The thing is I configured same username and password in ubuntu and in FreeBSD. So, whenever I try to ssh it's asking only for password and when I try to login as root it's not allowing me.. Now, I logged in as root@ipaddress it's working now.. Please correct me if I am wrong!!

ashvinsivram
April 29th, 2009, 19:50
Not related but you don't seem to have dbus running.

This isn't getting us anywhere, too much other crap in the logs x(

Stop the sshd on the fbsd box: /etc/rc.d/sshd stop
Run in a terminal, as root: /usr/sbin/sshd -d

On the Ubuntu box run, as root: ssh -v root@ipaddressfbsdbox

Please post the outputs of both commands..

I installed Apache22 and it's not working and I checked one of your posts..there you mentioned update the ports. So, in background I am updating the ports.

SirDice
April 29th, 2009, 20:28
The thing is I configured same username and password in ubuntu and in FreeBSD. So, whenever I try to ssh it's asking only for password and when I try to login as root it's not allowing me.. Now, I logged in as root@ipaddress it's working now.. Please correct me if I am wrong!!

Yes, if you use ssh to login from boxA to boxB it will use the username you have on boxA to login on boxB. You can use the -u switch or the @ syntax to specify a specific user.

ashvinsivram
April 29th, 2009, 20:39
Once Again!! I want to say thanks to everybody, who helped me a lot to resolve the issue...

Thanks & Regards,

Ashwin

DutchDaemon
April 29th, 2009, 22:56
ashvinsivram: always use CODE tags (http://forums.freebsd.org/misc.php?do=bbcode#code) for posting system output! Or did you totally miss the fact that a bunch of your posts has been edited to add those tags?

Trojan
May 3rd, 2009, 16:38
Third, if, for some bizarre reason, you are absolutely sure you want to do this, and give up one of the most important security features of the OS, then edit /etc/ssh/sshd_config, enable the PermitRootLogin option, then run /etc/rc.d/sshd reload to activate the change. Check the output of netstat -an|grep 22 to make sure it's running and LISTENing. Then try to connect remotely.

I made all the things phoenix wrote i.e. edited option PermitRootLogin for "YES" then run /etc/rc.d/sshd reload (also restarted the machine) BUT still can't connect remotely via ssh as root. As regular user there is no problem with remote connect. Here are the console outputs:

from Windows XP station
login as: root
Using keyboard-interactive authentication.
Password:
Access denied


from FreeBSD server
shlus# May 3 18:05:59 shlus sshd[933] error: PAM: authentication error
for root from 192.168.1.100

What should I do else or what I missed to do?

kamikaze
May 3rd, 2009, 16:56
I suspect he didn't enable sshd. Run onestart and if it works afterwards that means you forgot to set sshd_enable="YES" in your /etc/rc.conf.

phoenix
May 4th, 2009, 17:07
SSH is obviously working, otherwise he wouldn't get a login prompt. :)

Trojan: Can you SSH from the FreeBSD console to localhost? ssh -l root localhost

Can you add a -v or two to the SSH command, to see what the error is ssh -l root -vv localhost

MG
May 4th, 2009, 19:02
@kamikaze: If you switched hostnames or networking cards FreeBSD might think someone is trying to attack your network by pretending to be one of the local machines. In that case move or remove root's ~/.ssh/known_hosts

edit: that should be @trojan

anomie
May 4th, 2009, 19:08
IMO, Trojan's question deserves its own thread. The OP (ashvinsivram) has solved his problem already.

DutchDaemon
May 4th, 2009, 19:28
anomie, I see your point, but the problem's similar/related, and I'd have to butcher that post to extricate it from this thread, probably causing more confusion than help. So we'll just let it peter out.

Trojan
May 5th, 2009, 08:28
SSH is obviously working, otherwise he wouldn't get a login prompt. :)

Trojan: Can you SSH from the FreeBSD console to localhost? ssh -l root localhost

Can you add a -v or two to the SSH command, to see what the error is ssh -l root -vv localhost
When I run ssh -l root localhost I get the next:
shlus# ssh -l root localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
DSA key fingerpront is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)?


And here is the output of ssh -l root -vv localhost:
shlus# ssh -l root -vv localhost
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 FreeBSD-20080901
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 136/256
debug2: bits set: 534/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host localhost
debug2: no key of type 1 for host localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
DSA key fingerprint is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)?

gilinko
May 5th, 2009, 08:34
@Trojan: That message indicates that you currently don't have the DSA key stored in your known_hosts file. Answer yes and it will store the profile key and give you a password prompt. Next time you connect you will not be asked if you trust this key as you have already accepted it, and you will just be prompted to give your password.

Now if this key changes for this particular host, you will get a stern warning, as the system you are connecting to isn't the same as the one you accepted a key for (aka a possible breach of security on the remote host).

ashvinsivram
May 6th, 2009, 08:34
IMO, Trojan's question deserves its own thread. The OP (ashvinsivram) has solved his problem already.


Not a Problem! Let us help this guy.. Even people like me will learn how to troubleshoot SSH issues..


Regards,

Ashwin

Trojan
May 6th, 2009, 09:12
@Trojan: That message indicates that you currently don't have the DSA key stored in your known_hosts file. Answer yes and it will store the profile key and give you a password prompt. Next time you connect you will not be asked if you trust this key as you have already accepted it, and you will just be prompted to give your password.

Now if this key changes for this particular host, you will get a stern warning, as the system you are connecting to isn't the same as the one you accepted a key for (aka a possible breach of security on the remote host).
I logged in locally on FreeBSD machine then run ssh -l root localhost and here the output of what I got:
shlus# ssh -l root shlus
The authenticity of host 'shlus.home (192.168.1.1)' can't be established.
DSA key fingerprint is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'shlus.home' (DSA) to the list of known hosts.
Password: <- here I entered the password for root
May 6 12:45:25 shlus sshd[882]: error: PAM: authentication error for root from localhost
Password: <- here I entered the password for root
Password: <- here I entered the password for root
Permission denied (publickey,keyboard-interactive).


Where I was mistaken?

phoenix
May 6th, 2009, 16:52
And what shows in /var/log/auth.log on shlus after you try to login?

Trojan
May 7th, 2009, 07:51
And what shows in /var/log/auth.log on shlus after you try to login?
May 7 11:43:13 shlus sshd[813]: error: PAM: authentication error for root from
localhost
May 7 11:43:22 shlus last message repeated 2 times
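
The auth.log lines posted in this thread can be tallied mechanically. The following is an added example, not part of any post: it counts failed and accepted root authentications per source and adds back the failures that syslogd folds into "last message repeated N times". The function names and the sample log are constructed, following the line formats shown above.

```shell
#!/bin/sh
# Added example: per-source tally of root authentication events in auth.log.

# root_auth_summary FILE
# Prints one line per source: "<source> failed=<n> accepted=<n>".
root_auth_summary() {
    awk '
        # Return the field that follows the word "from" on the current line.
        function source_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "from") return $(i + 1)
            return "unknown"
        }
        / sshd\[[0-9]+\]: error: PAM: authentication error for root from / {
            last = source_of(); fail[last]++; seen[last] = 1; next
        }
        / sshd\[[0-9]+\]: Accepted [^ ]+ for root from / {
            s = source_of(); ok[s]++; seen[s] = 1; last = ""; next
        }
        # syslogd collapses identical consecutive lines; credit the repeats
        # to the failure line that immediately preceded them.
        / last message repeated [0-9]+ times/ {
            if (last != "") fail[last] += $(NF - 1)
            next
        }
        { last = "" }   # any other line breaks the "repeated" association
        END {
            for (s in seen)
                printf "%s failed=%d accepted=%d\n", s, fail[s], ok[s]
        }
    ' "$1" | LC_ALL=C sort
}

# noisy_root_sources FILE [MIN]
# Prints sources with at least MIN failed root authentications (default 3).
noisy_root_sources() {
    root_auth_summary "$1" | awk -v min="${2:-3}" '
        { split($2, kv, "="); if (kv[2] + 0 >= min + 0) print $1 }'
}

# Constructed sample log (192.0.2.10 is a documentation address).
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2
May  7 11:43:13 shlus sshd[813]: error: PAM: authentication error for root from localhost
May  7 11:43:22 shlus last message repeated 2 times
May  7 11:50:01 shlus sshd[820]: error: PAM: authentication error for root from 192.0.2.10
May  7 11:50:03 shlus sshd[821]: Accepted keyboard-interactive/pam for ashwin from 192.168.1.4 port 38118 ssh2
EOF

root_auth_summary "$log"
echo "sources with 3 or more failed root logins:"
noisy_root_sources "$log" 3
```

Counting lines alone would report one failure from localhost here; the repeat line accounts for the other two.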

Dryanta
May 7th, 2009, 18:38
Essentially, unless you are playing with pam modules and alternative logon methods there are three possible problems.

1: You did not make the correct change in /etc/ssh/sshd_config.
2: You did not use the rcfile or kill to restart the daemon.
3: You are fat-fingering your password.

Trojan
May 24th, 2009, 17:11
Finally I solved the issue with ssh login under root.
In my case the problem was that parameter "AllowRootLogin yes" wasn't uncommented and it was my fault of course. I uncommented this parameter and now it's OK.
Do excuse me please for misleading and ty for trying to help me.
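
An added example, not part of Trojan's post or of the FreeBSD base system: a shell check for the situation described above, where the option line in sshd_config was still commented out. It reports the PermitRootLogin value taken from the global section of a config file; the function names and sample files are constructed, and the fallback `no` is an assumed built-in default that can be overridden with the second argument.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value is actually in force?

# effective_root_login FILE [DEFAULT]
# Prints the first uncommented PermitRootLogin value that appears before any
# Match block. sshd keeps the first value it reads for a keyword, and a line
# starting with '#' sets nothing. Prints DEFAULT (assumed "no") if unset.
effective_root_login() {
    awk -v def="${2:-no}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)   # accept the "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])               # keywords are case-insensitive
            if (key == "match") exit          # conditional section starts here
            if (key == "permitrootlogin" && n >= 2) {
                val = f[2]; found = 1; exit
            }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# root_login_verdict FILE [DEFAULT]
# Maps the effective value to a short description.
root_login_verdict() {
    case "$(effective_root_login "$@")" in
        no)                                 echo "disabled" ;;
        without-password|prohibit-password) echo "keys-only" ;;
        forced-commands-only)               echo "keys-only, forced commands" ;;
        yes)                                echo "password-allowed" ;;
        *)                                  echo "unrecognised" ;;
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the option was edited but left commented out.
cat > "$tmp/commented" <<'EOF'
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
EOF

# Constructed sample 2: set twice; the first occurrence wins.
cat > "$tmp/twice" <<'EOF'
Port 22
PermitRootLogin without-password
PermitRootLogin yes
EOF

# Constructed sample 3: set only inside a Match block, so not global.
cat > "$tmp/match" <<'EOF'
Match Address 192.168.1.0/24
    PermitRootLogin yes
EOF

for f in commented twice match; do
    printf '%-10s %-18s %s\n' "$f" \
        "$(effective_root_login "$tmp/$f")" "$(root_login_verdict "$tmp/$f")"
done
```

On a live host, `sshd -T` prints the effective configuration as sshd itself parses it, which is the authoritative answer.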

jackfree
August 14th, 2012, 10:18
I have tried to remote login into FreeBSD 7.1, but it is throwing PAM: authentication error for root. I have only one login, that is root. No other user I have created since I am only using. I am not able to login through putty or winscp?

Please tell me any solution how to recover.:(
