SSH/SSHD

Master of Reality
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality » Wed Nov 12, 2003 7:04 pm

I just need some ideas where to look for the problem that is causing...... I cannot log in to my server through ssh. The connections I already had (before upgrading every package) are still active. It asks for my password and then says permission denied when I type in the correct pass: Permission denied (publickey,password,keyboard-interactive). Is this because it is looking for a host key or something... any advice here would help.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Wed Nov 12, 2003 7:14 pm

I assume you restarted sshd after the upgrade? Do you have a copy of your sshd_config prior to upgrading? Any messages in any of the system logs?

Post by Master of Reality » Wed Nov 12, 2003 7:21 pm

Code:

Nov 12 20:06:01 chatroom sshd[18780]: input_userauth_request: illegal user root
Nov 12 20:06:01 chatroom sshd[18780]: Failed none for illegal user root from 192.168.0.2 port 3064 ssh2
Nov 12 20:06:01 chatroom sshd[18780]: Failed keyboard-interactive for illegal user root from 192.168.0.2 port 3064 ssh2
Nov 12 20:06:04 chatroom sshd[18780]: Failed password for illegal user root from 192.168.0.2 port 3064 ssh2
Nov 12 20:06:08 chatroom last message repeated 2 times
Nov 12 20:06:08 chatroom sshd[18780]: Connection closed by 192.168.0.2

Ahhh, I always forget the logs... hmm, what may I ask does all this mean though?

Post by Void Main » Wed Nov 12, 2003 7:27 pm

Have you tried to log on via ssh as a normal user rather than root? Looks like you have the option in your sshd_config turned on to disallow root logins.

Post by Master of Reality » Wed Nov 12, 2003 7:40 pm

Alright, that was it...

Isn't there some way I can let my internal computer log in without a password (with just a key or something?) as root, but disallow external computers from logging in as root (only allow user with password)?

Post by Void Main » Wed Nov 12, 2003 7:52 pm

Well yes, there are a few ways you can do that. One would be to use a "~root/.shosts" file that has a line like:

192.168.0.100 m0r

Which would allow you to log in as root from machine 192.168.0.100 if you are already logged in to 192.168.0.100 as m0r.

Or you can do host based authentication, etc..

Post by Master of Reality » Wed Nov 12, 2003 7:59 pm

Wow... that's incredibly easy. By what I got from the man page I thought it was going to be incredibly difficult.

Post by Void Main » Wed Nov 12, 2003 8:00 pm

I actually don't do it that way because it is less secure. I use key based authentication (see ssh-keygen) which is only slightly more complicated.

e.g.
1) $ ssh-keygen -t dsa
2) $ scp ~/.ssh/id_dsa.pub root@server:.ssh/id_dsa.tmp
3) $ ssh root@server
4) # cat .ssh/id_dsa.tmp >> .ssh/authorized_keys

Now it should let you log in as root without a password using a dsa key. If you prefer RSA encryption replace "dsa" everywhere you see it above with "rsa". Only create the *.pub file once and copy it to the authorized_keys file on all the machines/users you want to log in to.
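
An added example, not part of the original post: step 4 above written as a reusable function that also sets the permissions sshd expects and ties the key to the internal machine with the authorized_keys `from=` option. The function name `install_restricted_key`, the scratch paths and the key line are assumptions made for illustration; the address and user name are the ones used earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. install_restricted_key is a hypothetical
# helper: install_restricted_key <home-dir> <from-pattern> <public-key-file>
# The body runs in a subshell so umask and variables do not leak to the caller.
install_restricted_key() (
    home_dir=$1; from_pattern=$2; pubkey_file=$3
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # The pattern is written inside double quotes, so it may not contain one.
    case $from_pattern in ''|*\"*) exit 2 ;; esac

    # Accept a single "type base64 [comment]" line only. This also rejects a
    # private key handed over by mistake.
    [ -z "$(sed -n '2p' "$pubkey_file")" ] || exit 2
    read -r key_type key_blob key_comment < "$pubkey_file" || [ -n "$key_type" ] || exit 2
    case $key_type in ssh-*|ecdsa-*) ;; *) exit 2 ;; esac
    [ -n "$key_blob" ] || exit 2

    # With StrictModes (the sshd default) the key file is ignored if it or
    # ~/.ssh is writable by anyone other than the owner.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth_file" && chmod 600 "$auth_file" || exit 1

    # Idempotent: do nothing if this key blob is already listed.
    if grep -qF -- "$key_blob" "$auth_file"; then exit 0; fi

    # from="..." limits the key to clients connecting from matching addresses.
    printf 'from="%s" %s %s%s\n' "$from_pattern" "$key_type" "$key_blob" \
        "${key_comment:+ $key_comment}" >> "$auth_file"
)

# Demo in a scratch directory; the key below is constructed, not a real key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed m0r@192.168.0.100' > "$demo/id_rsa.pub"
install_restricted_key "$demo/root" 192.168.0.100 "$demo/id_rsa.pub"
cat "$demo/root/.ssh/authorized_keys"
rm -rf "$demo"
```

The `from=` option only restricts where that key is accepted from. To keep root from logging in with a password from anywhere, pair it with `PermitRootLogin without-password` in sshd_config (spelled `prohibit-password` in newer OpenSSH releases).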

kovax
scripter
Posts: 85
Joined: Mon Jan 24, 2005 9:47 am
Location: Jacksonville, USA

Post by kovax » Wed Nov 05, 2008 12:48 pm

Can you do the same in AIX? I also heard something about rhost.

Just checking.

Post by Void Main » Wed Nov 05, 2008 2:12 pm

Yes, you can do the same thing with AIX (and I do).
