Unable to login as root in ssh

ashvinsivram

Member


Messages: 20

#26
anomie: Answering your questions.

1. Yes, I am able to ssh from your Ubuntu box to your FreeBSD server as a normal user.

2. From FreeBSD:
Code:
FreeBSD# ifconfig
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=8<VLAN_MTU>
       ether 00:11:09:13:22:d1
       inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
       media: Ethernet autoselect (100baseTX <full-duplex>)
       status: active
From Ubuntu:
Code:
wlan0     Link encap:Ethernet  HWaddr 00:16:ea:d6:10:a0  
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::216:eaff:fed6:10a0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2152 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1744895 (1.7 MB)  TX bytes:363369 (363.3 KB)
3.
Code:
ashwin@Ubuntu-laptop:~$ ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.750 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.835 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.829 ms
64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.826 ms
64 bytes from 192.168.1.3: icmp_seq=5 ttl=64 time=0.822 ms
^C
--- 192.168.1.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.750/0.812/0.835/0.040 ms
4.
Code:
ashwin@Ubuntu-laptop:~$ nc -zvw 1 192.168.1.3 22
192.168.1.3: inverse host lookup failed: Unknown host
(UNKNOWN) [192.168.1.3] 22 (ssh) open
ashwin@Ubuntu-laptop:~$ ssh 192.168.1.3
Password:
5.
Code:
FreeBSD# kldstat
Id Refs Address    Size     Name
 1   12 0xc0400000 97f830   kernel
 2    1 0xc0d80000 6a2c4    acpi.ko
 3    1 0xc3116000 22000    linux.ko
 4    1 0xc3393000 6000     i915.ko
 5    1 0xc3399000 f000     drm.ko
FreeBSD#
6.
Code:
FreeBSD# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      774   5  tcp4   *:21                  *:*
root     inetd      774   6  tcp4   *:23                  *:*
root     inetd      774   8  tcp4   *:513                 *:*
root     sendmail   745   3  tcp4   127.0.0.1:25          *:*
root     sshd       739   4  tcp4   *:22                  *:*
root     syslogd    590   7  udp4   *:514                 *:*
FreeBSD#
 

ashvinsivram

Member


Messages: 20

#27
MG:

You are really correct! Thanks for your advice. I am doing the same mistake. I am working on HP-UX. Due to hardware I am unable to use UX at home. So, at home first started with Solaris, then Debian, then FreeBSD, then Ubuntu, now again back to FreeBSD.

Now, I decided as you said "you seriously want to learn FreeBSD, get rid of all your other operating systems and force yourself to get things done in FreeBSD."
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,496
Messages: 25,662

#28
ashvinsivram said:
Code:
FreeBSD# sockstat -4l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      774   5  tcp4   *:21                  *:*
root     inetd      774   6  tcp4   *:23                  *:*
root     inetd      774   8  tcp4   *:513                 *:*
root     sendmail   745   3  tcp4   127.0.0.1:25          *:*
root     sshd       739   4  tcp4   *:22                  *:*
root     syslogd    590   7  udp4   *:514                 *:*
FreeBSD#
Just a hint, turn off telnet and rsh. Turn off inetd too.

Also add to /etc/rc.conf:
Code:
syslogd_flags="-ss"
That will stop syslogd from listening to network syslog messages. It's quite easy to spoof and it will fill up your logs.
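
The hint above, turned into a repeatable check (an added example, not part of the original post): it reads `sockstat -4l` output and an rc.conf and reports what is still exposed. The function names and the wording of the findings are this example's own; the sample listing is constructed from the output posted in the thread.

```shell
#!/bin/sh
# Added example: audit `sockstat -4l` output for legacy cleartext listeners.

# Constructed sample, copied from the listing posted in the thread.
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     inetd      774   5  tcp4   *:21                  *:*
root     inetd      774   6  tcp4   *:23                  *:*
root     inetd      774   8  tcp4   *:513                 *:*
root     sendmail   745   3  tcp4   127.0.0.1:25          *:*
root     sshd       739   4  tcp4   *:22                  *:*
root     syslogd    590   7  udp4   *:514                 *:*
EOF
}

# Print one line per listener that exposes a cleartext or unauthenticated
# service on a non-loopback address. Reads sockstat output on stdin.
audit_listeners() {
    awk '
    $1 == "USER" || NF < 7 { next }            # header, prompts, short lines
    {
        n = split($6, a, ":"); port = a[n]
        if ($6 ~ /^127\./) next                # loopback only: not exposed
        why = ""
        if      (port == 21)  why = "ftp, cleartext credentials"
        else if (port == 23)  why = "telnet, cleartext login"
        else if (port == 513) why = "rlogin, cleartext r-command"
        else if (port == 514 && $5 ~ /^udp/) why = "syslog, unauthenticated UDP"
        if (why != "") printf "%s %s/%s: %s\n", $2, $5, port, why
    }'
}

# Report which of the two rc.conf changes suggested above are still missing.
# Reads rc.conf text on stdin; a missing inetd_enable line counts as disabled.
check_rc_conf() {
    awk -F= '
    /^[ \t]*#/ { next }                        # skip comment lines
    { v = $2; sub(/[ \t]*#.*/, "", v); gsub(/"/, "", v) }
    $1 == "inetd_enable"  { inetd = toupper(v) }
    $1 == "syslogd_flags" { flags = v }
    END {
        if (inetd == "YES") print "inetd_enable=YES: inetd still starts at boot"
        if (index(" " flags " ", " -ss ") == 0) print "syslogd_flags lacks -ss: syslogd still opens udp/514"
    }'
}

sample_sockstat | audit_listeners
printf 'inetd_enable="YES"\nsshd_enable="YES"\n' | check_rc_conf
```

On the server itself the same functions take live input: `sockstat -4l | audit_listeners` and `check_rc_conf < /etc/rc.conf`.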
 

anomie

Aspiring Daemon

Thanks: 116
Messages: 783

#29
@ashvinsivram: OK, now we are getting somewhere.

Now, on the FreeBSD server, run # tail -f /var/log/auth.log

Keep that running in a terminal. Next, from the Ubuntu box, try to ssh in as root to the FreeBSD server.

What do you see showing up in auth.log exactly? Please post it here.
 

ashvinsivram

Member


Messages: 20

#30
Code:
Apr 29 23:56:28 FreeBSD sshd[96241]: Accepted keyboard-interactive/pam for ashwin from 192.168.1.4 port 38118 ssh2
Apr 29 23:56:42 FreeBSD login: pam_acct_mgmt(): authentication error
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: error connecting to D-BUS system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: Scheduling hal init retry
Apr 29 23:57:14 FreeBSD login: 1 LOGIN FAILURE ON ttyp2
Apr 29 23:57:14 FreeBSD login: 1 LOGIN FAILURE ON ttyp2, root
Actually when I type ssh FreeBSD.ipaddress it's not showing me login it's directly asking for password.
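
As the D-BUS noise above shows, auth.log mixes sshd events with everything else that logs to it. The filter below is an added example, not part of the original posts: it keeps only the sshd records that involve root and marks root logins that did not use a key. The record labels (ROOT-LOGIN, ROOT-FAIL, FAILCOUNT) and function names are this example's own, and the sample is constructed in the format of the log lines quoted in this thread.

```shell
#!/bin/sh
# Added example: pull root SSH login outcomes out of auth.log.

# Constructed sample in the format of the log lines quoted in the thread.
sample_authlog() {
cat <<'EOF'
Apr 29 23:56:28 FreeBSD sshd[96241]: Accepted keyboard-interactive/pam for ashwin from 192.168.1.4 port 38118 ssh2
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: Scheduling hal init retry
Apr 29 23:57:14 FreeBSD login: 1 LOGIN FAILURE ON ttyp2, root
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2
May  3 18:05:59 shlus sshd[933]: error: PAM: authentication error for root from 192.168.1.100
May  6 12:45:25 shlus sshd[882]: error: PAM: authentication error for root from localhost
EOF
}

# Emit one record per sshd event that involves root:
#   ROOT-LOGIN <method> <source> <key|non-key>   accepted session for root
#   ROOT-FAIL pam <source>                       PAM rejected a root login
# followed by a failure count per source. Lines from other programs
# (login, gnome-keyring-daemon) and logins by other users are ignored.
root_ssh_events() {
    awk '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }
    $6 == "Accepted" && $8 == "for" && $9 == "root" {
        kind = ($7 == "publickey") ? "key" : "non-key"
        printf "ROOT-LOGIN %s %s %s\n", $7, $11, kind
        next
    }
    /error: PAM: authentication error for root from / {
        src = $NF; fails[src]++
        printf "ROOT-FAIL pam %s\n", src
    }
    END { for (s in fails) printf "FAILCOUNT %s %d\n", s, fails[s] }'
}

sample_authlog | root_ssh_events
```

Against the live file this is `root_ssh_events < /var/log/auth.log`.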
 

ashvinsivram

Member


Messages: 20

#32
Code:
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2

Bingo!!!! it's Working...:)
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,496
Messages: 25,662

#33
ashvinsivram said:
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: error connecting to D-BUS system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory
Apr 29 23:56:47 FreeBSD gnome-keyring-daemon[863]: Scheduling hal init retry
Not related but you don't seem to have dbus running.

This isn't getting us anywhere, too much other crap in the logs x(

Stop the sshd on the fbsd box: /etc/rc.d/sshd stop
Run in a terminal, as root: /usr/sbin/sshd -d

On the Ubuntu box run, as root: ssh -v root@ipaddressfbsdbox

Please post the outputs of both commands..
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,496
Messages: 25,662

#34
ashvinsivram said:
Apr 30 00:07:58 FreeBSD sshd[51866]: Accepted keyboard-interactive/pam for root from 192.168.1.4 port 52235 ssh2


Bingo!!!! it's Working...:)
Ok.. What made it work?
 

ashvinsivram

Member


Messages: 20

#35
Now, I really somewhat understand the issue. (Please do not scold me)..

The thing is I configured same username and password in Ubuntu and in FreeBSD. So, whenever I try to ssh it's asking only for password and when I try to login as root it's not allowing me.. Now, I logged in as root@ipaddress it's working now.. Please correct me if I am wrong!!
 

ashvinsivram

Member


Messages: 20

#36
SirDice said:
Not related but you don't seem to have dbus running.

This isn't getting us anywhere, too much other crap in the logs x(

Stop the sshd on the fbsd box: /etc/rc.d/sshd stop
Run in a terminal, as root: /usr/sbin/sshd -d

On the Ubuntu box run, as root: ssh -v root@ipaddressfbsdbox

Please post the outputs of both commands..
I installed Apache22 and it's not working and I checked one of your posts..there you mentioned update the ports. So, in background I am updating the ports.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 5,496
Messages: 25,662

#37
ashvinsivram said:
The thing is I configured same username and password in Ubuntu and in FreeBSD. So, whenever I try to ssh it's asking only for password and when I try to login as root it's not allowing me.. Now, I logged in as root@ipaddress it's working now.. Please correct me if I am wrong!!
Yes, if you use ssh to login from boxA to boxB it will use the username you have on boxA to login on boxB. You can use the -u switch or the @ syntax to specify a specific user.
 

Trojan

Member


Messages: 25

#40
phoenix said:
Third, if, for some bizarre reason, you are absolutely sure you want to do this, and give up one of the most important security features of the OS, then edit /etc/ssh/sshd_config, enable the PermitRootLogin option, then run /etc/rc.d/sshd reload to activate the change. Check the output of netstat -an|grep 22 to make sure it's running and LISTENing. Then try to connect remotely.
I did all the things phoenix wrote, i.e. edited option PermitRootLogin to "YES", then ran /etc/rc.d/sshd reload (also restarted the machine), BUT I still can't connect remotely via ssh as root. As a regular user there is no problem with remote connect. Here are the console outputs:

from Windows XP station
Code:
login as: root
Using keyboard-interactive authentication.
Password:
Access denied
from FreeBSD server
Code:
shlus# May 3 18:05:59 shlus sshd[933] error: PAM: authentication error
for root from 192.168.1.100
What should I do else or what I missed to do?
 

kamikaze

Well-Known Member

Thanks: 70
Messages: 366

#41
I suspect he didn't enable sshd. Run /etc/rc.d/sshd onestart and if it works afterwards that means you forgot to set sshd_enable="YES" in your /etc/rc.conf.
 

phoenix

Administrator
Staff member
Administrator
Moderator

Thanks: 1,036
Messages: 3,824

#42
SSH is obviously working, otherwise he wouldn't get a login prompt. :)

Trojan: Can you SSH from the FreeBSD console to localhost? $ ssh -l root localhost

Can you add a -v or two to the SSH command, to see what the error is $ ssh -l root -vv localhost
 

MG

Active Member

Thanks: 16
Messages: 191

#43
@kamikaze: If you switched hostnames or networking cards FreeBSD might think someone is trying to attack your network by pretending to be one of the local machines. In that case move or remove root's ~/.ssh/known_hosts

edit: that should be @trojan
 

anomie

Aspiring Daemon

Thanks: 116
Messages: 783

#44
IMO, Trojan's question deserves its own thread. The OP (ashvinsivram) has solved his problem already.
 

Trojan

Member


Messages: 25

#46
phoenix said:
SSH is obviously working, otherwise he wouldn't get a login prompt. :)

Trojan: Can you SSH from the FreeBSD console to localhost? $ ssh -l root localhost

Can you add a -v or two to the SSH command, to see what the error is $ ssh -l root -vv localhost
When I run ssh -l root localhost I get the next:
Code:
shlus# ssh -l root localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
DSA key fingerpront is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)?
And here is the output of ssh -l root -vv localhost:
Code:
shlus# ssh -l root -vv localhost
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 FreeBSD-20080901
debug1: match: OpenSSH_5.1p1 FreeBSD-20080901 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 136/256
debug2: bits set: 534/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host localhost
debug2: no key of type 1 for host localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
DSA key fingerprint is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)?
 

gilinko

Well-Known Member

Thanks: 57
Messages: 416

#47
@Trojan: That message indicates that you currently don't have the DSA key stored in your known_hosts file. Answer yes and it will store the profile key and give you a password prompt. Next time you connect you will not be asked if you trust this key as you have already accepted it, and you will just be prompted to give your password.

Now if this key changes for this particular host, you will get a stern warning as the system you are connecting to isn't the same as the one you accepted a key for (aka a possible breach of security on the remote host).
 

ashvinsivram

Member


Messages: 20

#48
anomie said:
IMO, Trojan's question deserves its own thread. The OP (ashvinsivram) has solved his problem already.

Not a Problem! Let us help this guy.. Even people like me will learn how to troubleshoot SSH issues..


Regards,

Ashwin
 

Trojan

Member


Messages: 25

#49
gilinko said:
@Trojan: That message indicates that you currently don't have the DSA key stored in your known_hosts file. Answer yes and it will store the profile key and give you a password prompt. Next time you connect you will not be asked if you trust this key as you have already accepted it, and you will just be prompted to give your password.

Now if this key changes for this particular host, you will get a stern warning as the system you are connecting to isn't the same as the one you accepted a key for (aka a possible breach of security on the remote host).
I logged in locally on the FreeBSD machine, then ran ssh -l root localhost, and here is the output of what I got:
Code:
shlus# ssh -l root shlus
The authenticity of host 'shlus.home (192.168.1.1)' can't be established.
DSA key fingerprint is e2:81:82:d7:c3:af:d0:d0:35:32:24:21:df:18:56:45.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'shlus.home' (DSA) to the list of known hosts.
Password: <- here I entered the password for root
May 6 12:45:25 shlus sshd[882]: error: PAM: authentication error for root from localhost
Password: <- here I entered the password for root
Password: <- here I entered the password for root
Permission denied (publickey,keyboard-interactive).
Where I was mistaken?