This is a home setup, solaris 11 express running on Vbox with win 7
(64bit) as host. I downloaded the vm appliance offered on oracle web
pages. The zones appliance.
I'll say too that none of my data is worth money, no commerce is
involved in my usage and no other (other than myself) people are going
to experience any problems from any screw ups I might make.
I've made root an account rather than a role with:
`rolemod -k type=normal root'
However I still cannot ssh into that vm as root. Or ssh to root when
on the machine as USER.
I've set /etc/ssh/sshd.config to allow root logins with:
PermitRootLogin yes
But still ssh connections as root are rejected.
I'd like to be able to start an X session as root too. When I try
that, I get some ancient X desktop rather than the gnome desktop user
can log into.
You're right, 'root shell disease' annoys. :)
<URL:http://www.cse.psu.edu/~groenvel/root-shell.html>
>However I still cannot ssh into that vm as root. Or ssh to root when
>on the machine as USER.
>
>I've set /etc/ssh/sshd.config to allow root logins with:
>
> PermitRootLogin yes
>
>But still ssh connections as root are rejected.
# svcadm restart ssh
>I'd like to be able to start an X session as root too. When I try
>that, I get some ancient X desktop rather than the gnome desktop user
>can log into.
Confirm sshd_config(4):
X11Forwarding yes
Happy hacking,
John
groe...@acm.org
> In article <87box0k...@newsguy.com>,
> Harry Putnam <rea...@newsguy.com> wrote:
>>I'm sure I will be told not to do this, but I do find it more
>>convenient to run as root for lots of things.
>
> You're right, 'root shell disease' annoys. :)
> <URL:http://www.cse.psu.edu/~groenvel/root-shell.html>
Interesting discussion there, and following the web citations too.
>>However I still cannot ssh into that vm as root. Or ssh to root when
>>on the machine as USER.
>>
>>I've set /etc/ssh/sshd.config to allow root logins with:
>>
>> PermitRootLogin yes
>>
>>But still ssh connections as root are rejected.
>
> # svcadm restart ssh
Yes, of course. I failed to mention that I'd done that.
There has also been a reboot.
>>I'd like to be able to start an X session as root too. When I try
>>that, I get some ancient X desktop rather than the gnome desktop user
>>can log into.
>
> Confirm sshd_config(4):
> X11Forwarding yes
oracle@solaris:~$ grep X11Forwarding /etc/ssh/sshd_config
X11Forwarding yes
Still when I try to ssh in as root my passwd is never excepted.
The same passwd works for `su -' so I know I'm entering the right
passwd.
You're right. Don't do this. I don't care how unimportant your box is,
sloppy behaviour is still sloppy behaviour.
Also, don't allow ssh as root.
> I'd like to be able to start an X session as root too. When I try
> that, I get some ancient X desktop rather than the gnome desktop user
> can log into.
Don't do this either.
HOWEVER...
1) Check your sshd_config
2) You can change your root GUI from the login screen.
3) use ssh -vv to get some debugging information.
4) STOP BEING SLOPPY!
Colin
[...]
> HOWEVER...
>
> 1) Check your sshd_config
I'm not sure what I'm looking for there other than these two:
$ grep X11Forwarding /etc/ssh/sshd_config
X11Forwarding yes
and:
$ grep PermitRoot /etc/ssh/sshd_config
PermitRootLogin yes
> 3) use ssh -vv to get some debugging information.
That `ssh -vv' output looks like this:
(as my passwrd is rejected)
debug2: input_userauth_info_req: num_prompts 1
Password:
debug1: Authentications that can continue:
gssapi-keyex,gssapi-with-mic,\
publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
> 4) STOP BEING SLOPPY!
Ok, just as soon as I grow a brain about 300 times better than the
current one.
If you edit /etc/default/login to allow remote root logins per login(1)
and enable the telnet service, then can you login as root via telnet?
$ telnet localhost
John
groe...@acm.org
Apparently not:
reader > telnet localhost
Trying 127.0.0.1...
Connected to solaris11.local.lan.
Escape character is '^]'.
login: root
Password:
Login incorrect
Connection to solaris11.local.lan closed by foreign host.
In fact, even a `su -' shows some kind of problem:
reader > su -
Password:
Oracle Corporation SunOS 5.11 snv_151a November 2010
You have mail.
root@solaris:~# Error: no display specified
At that point the shell hangs until I hit ^c, then it works normally.
Looks like you broke bash(1)'s /etc/profile or one of its other
rc files in $HOME.
Undo your changes.
John
groe...@acm.org
A few months ago Oracle had a tech training session in San Diego I
attended. Before
I attended I was supposed to prepare my laptop with the setup you list
above.
In the session they demonstrated root user is gone. UID 0 is more of
a concept now.
Its power is a role.
So, if you've managed to bring root user back that would be a, well,
something that
they've gone to lengths to remove.
I mention it here because I'm not sure everyone who follows this group
knows the UID 0
account has been removed from Solaris 11 express.
Regards, Scott
not removed, made into a role via /etc/user_attr
Not even that:
more /etc/passwd
root:x:0:0:Super-User:/root:/usr/bin/bash
--
Ian Collins