
Unable to login as root in ssh

ashvinsivram

Member


Messages: 20

#1
Hi All,

I am unable to login as root when I am using ssh to this FreeBSD 7.1 server. I already configured /etc/ssh/sshd_config, but the issue still persists. I am able to login on the local machine but not from the remote computer.


Please help!!

Thanks & Regards,

Ashwin
 

gilinko

Well-Known Member

Thanks: 57
Messages: 416

#2
Have you restarted the sshd server (/etc/rc.d/sshd restart) after you made the configuration changes?

And just to be on the safe side: enabling root to login via ssh is "a bad thing"(tm).
 

mousaka

Member

Thanks: 7
Messages: 56

#4
There is an option PermitRootLogin in sshd_config to allow login for root. But I strongly recommend not to use this for security reasons.
Instead use su or sudo as already mentioned by ale.

mousaka
 

ashvinsivram

Member


Messages: 20

#5
Yes, I have restarted the sshd (/etc/rc.d/sshd restart) and have no plans to use su in FreeBSD. Previously I have configured some file like (/etc/local), not sure, and it was working fine before. I am able to ssh from localhost but not from other units.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,096
Messages: 26,987

#6
Which openssl are you running? The one in the base OS? Or the one installed via a port/package?
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,212

#8
What does 'not being able to login' look like? No connection to the server, or endless username/password questions?

BTW, 'not planning to use su' is saying goodbye to one of the most important security features in FreeBSD. Don't come asking for help when someone grabs root on your machine.
 

ashvinsivram

Member


Messages: 20

#9
First of all I want to say Thanks to all, for the quick reply!!!:)


I didn't install openssh. I am using the one that was installed by the OS.

Regards,

Ashwin
 

phoenix

Administrator
Staff member
Administrator
Moderator

Thanks: 1,124
Messages: 3,944

#11
First, don't do this. :) Never login directly as root across a network connection.

Second, you really don't want to do this. :D

Third, if, for some bizarre reason, you are absolutely sure you want to do this, and give up one of the most important security features of the OS, then edit /etc/ssh/sshd_config, enable the PermitRootLogin option, then run /etc/rc.d/sshd reload to activate the change. Check the output of netstat -an|grep 22 to make sure it's running and LISTENing. Then try to connect remotely.

Fourth, you really should look into using SSH keys. Then you can create a key-pair for root, and change the PermitRootLogin option in sshd_config to without-password. That enables root logins via SSH *but only using SSH keys*. Normal password logins are not allowed. It's the least of all evils, if you are bound and determined to use remote root logins.

And, last, you really should not do this. :h
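
An added example, not part of phoenix's post: a small audit of what an sshd_config file actually says about root logins, covering the PermitRootLogin values mentioned above. The function names, the sample file and the default passed as the second argument are assumptions made for illustration; check sshd_config(5) on your release for the real built-in default.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin setting.

# $1 = path to an sshd_config file
# $2 = value to assume when the keyword is absent (assumption, see sshd_config(5))
effective_root_login() {
    awk -v def="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }              # tolerate the keyword=value form
        tolower($1) == "match" { exit }            # global section ends at first Match
        tolower($1) == "permitrootlogin" {         # keywords are case-insensitive
            print tolower($2); found = 1; exit     # sshd keeps the first value it reads
        }
        END { if (!found) print def }
    ' "$1"
}

# Translate the setting into what it means for root over ssh.
classify_root_login() {
    case "$1" in
        yes)                                echo "password-and-key" ;;
        without-password|prohibit-password) echo "key-only" ;;
        forced-commands-only)               echo "key-with-forced-command" ;;
        no)                                 echo "denied" ;;
        *)                                  echo "unknown" ;;
    esac
}

# Constructed sample file, not the original poster's configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
EOF

value=$(effective_root_login "$sample" no)
echo "PermitRootLogin=$value -> root over ssh: $(classify_root_login "$value")"
rm -f "$sample"
```

The commented-out line and the later duplicate are both ignored, which is a common reason an edit to sshd_config appears to have no effect.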
 

MG

Active Member

Thanks: 16
Messages: 191

#13
DutchDaemon said:
What does 'not being able to login' look like? No connection to the server, or endless username/password questions?

BTW, 'not planning to use su' is saying goodbye to one of the most important security features in FreeBSD. Don't come asking for help when someone grabs root on your machine.
What's the difference between a clean root login and a root login (su) from within the shell of a wheel member? You are root after being logged in normally and you are the same root after having done a su command.
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#14
MG said:
What's the difference between a clean root login and a root login (su) from within the shell of a wheel member? You are root after being logged in normally and you are the same root after having done a su command.
Another layer of security: An extra hurdle, more warning signs in the logs, and potentially a lot of extra time for you to detect an attacker.
 

DutchDaemon

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 2,584
Messages: 11,212

#15
The fact that you have to enter a password twice should give something away about security layers .. It buys you that much more time to take action, and the fact that the attacker doesn't know who's in the wheel group before he manages to crack an account will put su out of reach if he didn't get it right the first time. Three layers (account -> wheel -> su), even more time.
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#16
@MG: I also forgot to add one detail -- everyone knows there is an account called 'root' on a *nix system. Good target for brute force. Not everyone knows there is an account called 'mrbig'. :)
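
An added example, not part of the posts above: the "warning signs in the logs" and the point about 'root' being a well-known target can be checked by counting failed sshd password attempts per account and source address. The log lines are constructed samples in the stock OpenSSH syslog format, the addresses are documentation ranges, and the function names are assumptions; on the server the input would be /var/log/auth.log.

```shell
#!/bin/sh
# Added example: summarise failed ssh password attempts from an auth log.

# $1 = log file; prints "count account source", busiest first
failed_logins() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # the account is the field before "from", the source the one after it
            # (this also handles "Failed password for invalid user NAME from ...")
            for (i = 1; i <= NF; i++)
                if ($i == "from") { n[$(i-1) " " $(i+1)]++; break }
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Total failed attempts aimed at the root account.
root_failures() {
    failed_logins "$1" | awk '$2 == "root" { s += $1 } END { print s + 0 }'
}

# Constructed sample log lines.
log=$(mktemp)
cat > "$log" <<'EOF'
Jan 12 03:14:07 fbsd sshd[1201]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan 12 03:14:09 fbsd sshd[1201]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan 12 03:14:12 fbsd sshd[1203]: Failed password for root from 192.0.2.10 port 40130 ssh2
Jan 12 03:15:01 fbsd sshd[1207]: Failed password for invalid user admin from 192.0.2.10 port 40141 ssh2
Jan 12 03:20:44 fbsd sshd[1215]: Failed password for root from 198.51.100.7 port 51877 ssh2
Jan 12 08:02:10 fbsd sshd[1302]: Accepted password for mrbig from 192.0.2.50 port 50211 ssh2
EOF

failed_logins "$log"
echo "failed attempts on root: $(root_failures "$log")"
rm -f "$log"
```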
 

MG

Active Member

Thanks: 16
Messages: 191

#17
All right, I'm starting to get it...
But when I change my root shell to sdkjhfskjh I can't su from another user so the root account is still needed and still needs a shell to be set.
What does work is sudo bash. Then I become root running a bash shell. But the sudo port is needed. Maybe this also works when root does not exist, but I find it a bit risky to try that out. At least a few system processes will complain about that.
 

ashvinsivram

Member


Messages: 20

#18
I don't know what you people are talking about??? DutchDaemon was correct...
People, please help me!!!! If you are talking about something else, please give me a reference....
 

MG

Active Member

Thanks: 16
Messages: 191

#19
Sorry, I got off-topic.
Can you login via ssh with a regular user?
What happens exactly when you try to login via ssh as root?
Does it help if you rename the ~/.ssh dir (where your public keys are stored)?
Do /var/log/messages or /var/log/auth.log on the server say anything?
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,096
Messages: 26,987

#21
Run both the server (sshd on fbsd) and the client (ssh on ubuntu) with the -v switch. The clue why it's not working will be in the logging.

If you can't figure it out yourself, please post those log files. If you don't post them we'll be guessing until next Christmas and it still won't work.

We're good (I know I am :e) but we can't see what's happening on your screen and we can't read your mind.
 

ashvinsivram

Member


Messages: 20

#22
Hi SirDice,

I am a newbie to this FreeBSD. But last month I had the same issue, but apart from sshd_config I configured some other file. I don't know the exact file name; I remember it's like (/etc/local), something like that, but I remember local... Because ssh_config will allow the root to login in ssh, but there is something which is not allowing me to login in other tty... I hope you understand.. If you want the log file, explain to me how to access it and I will post it here..
 

anomie

Aspiring Daemon

Thanks: 118
Messages: 781

#23
@ashvinsivram: Looking back at your posts I have to concur that we have next to nothing to go on to (try to) help you. Please clearly answer each of the following:
  1. Are you able to ssh from your Ubuntu box to your FreeBSD server as any user? Is only root having issues?
  2. What are the IP addresses and subnets associated with each box? (Post the output of # ifconfig if you are not sure.)
  3. Can you ping from the Ubuntu box to the FreeBSD server?
  4. Is port 22 on the FreeBSD server open to the Ubuntu box? (From the Ubuntu box, run # nc -zvw 1 freebsd.ip.here 22 and post the output if you are not sure.)
  5. Are you running a packet filtering firewall on your FreeBSD server? (Post the output of # kldstat if you are not sure.)
  6. Is sshd listening on an external interface on the FreeBSD server? (Post the output of # sockstat -4l if you are not sure.)

(Once these basics are out of the way, there will probably be more questions.)
 

tangram

Aspiring Daemon

Thanks: 71
Messages: 523

#24
You said you were unable to login from a remote computer but could login from the local network...Did you Port Forward SSH's port to target IP address?
 

MG

Active Member

Thanks: 16
Messages: 191

#25
ashvinsivram said:
Hi SirDice,

I am a newbie to this FreeBSD. But last month I had the same issue, but apart from sshd_config I configured some other file. I don't know the exact file name; I remember it's like (/etc/local), something like that, but I remember local... Because ssh_config will allow the root to login in ssh, but there is something which is not allowing me to login in other tty... I hope you understand.. If you want the log file, explain to me how to access it and I will post it here..
I usually don't say this on a forum, but it looks like you definitely need to read some docs about FreeBSD or UNIX. Configuring sshd without knowing how to read your log files tells me you are learning things in the wrong order. First find your way around in userland, then start configuring and installing things.
If you seriously want to learn FreeBSD, get rid of all your other operating systems and force yourself to get things done in FreeBSD. I did it and it works the best.

/etc/local is not a default FreeBSD directory.

/etc contains config files of the base system and /usr/local/etc contains config files of any installed apps.
Your log files are in /var/log. You can read them with the command
Code:
cat filename | more
or with the ee editor.

Please try to login on ssh and post the last 20 lines of both /var/log/messages and /var/log/auth.log
It would be nice to also post the things Ubuntu says to you when trying to log in.
 