
PermitRootLogin


Victor Sudakov

Oct 31, 2015, 1:30:04 AM
Colleagues,

I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
What else am I missing that it still does not let me ssh as root?

debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 3 initial attempt 0 failures 2 initial failures 0
debug1: keyboard-interactive devs
debug1: got 1 responses
debug1: PAM conv function returns PAM_SUCCESS
Keyboard-interactive (PAM) userauth failed[7] while authorizing: Permission denied
Failed keyboard-interactive for root from 10.14.140.125 port 28274 ssh2
debug1: userauth-request for user root service ssh-connection method keyboard-interactive
debug1: attempt 4 initial attempt 1 failures 3 initial failures 1

Thanks in advance for any input.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/

Ian Collins

Oct 31, 2015, 5:22:42 AM
Victor Sudakov wrote:
> Colleagues,
>
> I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
> What else am I missing that it still does not let me ssh as root?

If you are using Solaris >= 11, root is a role, not a user so you can't
login as root.

--
Ian Collins

Andrew Gabriel

Oct 31, 2015, 5:56:40 AM
In article <d9jfis...@mid.individual.net>,
and if you turn root into a user, you will also need to comment out the
DEVICE= line in /etc/default/login

--
Andrew Gabriel
[email address is not usable -- followup in the newsgroup]

Victor Sudakov

Oct 31, 2015, 1:45:05 PM
Ian Collins wrote:
> >
> > I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
> > What else am I missing that it still does not let me ssh as root?

> If you are using Solaris >= 11,

Yes, "Oracle Solaris 11 11/11 X86"

> root is a role, not a user so you can't login as root.

Wait, there is the user "root" in /etc/passwd, "finger root" works, I
can "su -" locally. How come root is not a user?

Victor Sudakov

Oct 31, 2015, 1:50:04 PM
Andrew Gabriel wrote:
> >>
> >> I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
> >> What else am I missing that it still does not let me ssh as root?
> >
> > If you are using Solaris >= 11, root is a role, not a user so you can't
> > login as root.

> and if you turn root into a user, you will also need to comment out the
> DEVICE= line in /etc/default/login

There is no "DEVICE" in /etc/default/login on that host.

So if I need to do something remotely as root (I assume I would use
"PermitRootLogin without-password" rather than "yes"), how do I go
about it?

YTC#1

Oct 31, 2015, 1:53:43 PM
On 31/10/2015 17:42, Victor Sudakov wrote:
> Ian Collins wrote:
>>>
>>> I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
>>> What else am I missing that it still does not let me ssh as root?
>
>> If you are using Solaris >= 11,
>
> Yes, "Oracle Solaris 11 11/11 X86"
>
>> root is a role, not a user so you can't login as root.
>
> Wait, there is the user "root" in /etc/passwd, "finger root" works, I
> can "su -" locally. How come root is not a user?
>

I think you need to do "Solaris 11 intro course" :-)

With S11 root is a role not a user, have a look at /etc/user_attr

This is a security measure, logging in as root is bad.
With S11 all actions can be assigned to non root accounts, depending on
what they need.

By default there is an admin user created at build time, this can
generally pfexec commands or sudo them



--
Bruce Porter
"The internet is a huge and diverse community but mainly friendly"
http://ytc1.blogspot.co.uk/
There *is* an alternative! http://www.openoffice.org/

Andrew Gabriel

Oct 31, 2015, 1:56:21 PM
In article <n12uip$isi$1...@news.sibptus.ru>,
Victor Sudakov <v...@mpeks.no-spam-here.tomsk.su> writes:
> Ian Collins wrote:
>> >
>> > I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
>> > What else am I missing that it still does not let me ssh as root?
>
>> If you are using Solaris >= 11,
>
> Yes, "Oracle Solaris 11 11/11 X86"
>
>> root is a role, not a user so you can't login as root.
>
> Wait, there is the user "root" in /etc/passwd, "finger root" works, I
> can "su -" locally. How come root is not a user?

grep '^root:' /etc/user_attr

(or in later Solaris releases, getent user_attr root)
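
An added example, not part of any poster's message: a shell version of the check suggested in this thread, combining the user_attr lookup with the PermitRootLogin setting to show which one blocks a root ssh login. The file contents are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from the poster's host).
SAMPLE_USER_ATTR='# constructed sample of /etc/user_attr
root::::type=role;auths=solaris.*;profiles=All
admin::::type=normal;roles=root;profiles=System Administrator'
SAMPLE_SSHD_CONFIG='# constructed sample of sshd_config
PermitRootLogin yes'

# account_type NAME: print the type= value for NAME from user_attr text on
# stdin. Fields are user:qualifier:res1:res2:attr, where attr is a
# ';'-separated key=value list; no entry or no type key means "normal".
account_type() {
    awk -F: -v u="$1" '
        /^#/ || $1 != u { next }
        {
            attr = $0; sub(/^[^:]*:[^:]*:[^:]*:[^:]*:/, "", attr)
            n = split(attr, kv, ";"); t = "normal"
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^type=/) t = substr(kv[i], 6)
            print t; found = 1; exit
        }
        END { if (!found) print "normal" }'
}

# permit_root_login: print the first PermitRootLogin value found in
# sshd_config text on stdin (keyword matched case-insensitively), or "unset".
permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); f = 1; exit }
         END { if (!f) print "unset" }'
}

# root_ssh_verdict USER_ATTR_TEXT SSHD_CONFIG_TEXT: say which setting decides.
root_ssh_verdict() {
    acct=$(printf '%s\n' "$1" | account_type root)
    prl=$(printf '%s\n' "$2" | permit_root_login)
    if [ "$acct" = "role" ]; then
        echo "blocked: root is a role (PermitRootLogin=$prl does not override this)"
    elif [ "$prl" = "no" ]; then
        echo "blocked: PermitRootLogin no"
    else
        echo "allowed-by-config: root type=$acct, PermitRootLogin=$prl"
    fi
}

root_ssh_verdict "$SAMPLE_USER_ATTR" "$SAMPLE_SSHD_CONFIG"
```

On a live host, pass the output of `getent user_attr root` (or the file contents) and the sshd_config text as the two arguments. Solaris' legacy /usr/bin/awk lacks `-v` and `sub()`, so run it with nawk or /usr/xpg4/bin/awk there.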

Stephane T.

Oct 31, 2015, 4:46:22 PM
On 2015-10-31, Victor Sudakov <v...@mpeks.no-spam-here.tomsk.su> wrote:

> So if I need to do something remotely as root (I assume I would use
> "PermitRootLogin without-password" rather than "yes"), how do I go
> about it?

In such case, you should generate an RSA key (ssh-keygen -t rsa), put the
private in ~/.ssh/ of the remote computer that needs root access and the
public one in the file /root/.ssh/authorized_keys of the server to
access (the file may need to be created).

I don't know about the root user on Solaris >11. Since this OS has been
bought by Oracle, I guess they can not stop screwing it up.

John D Groenveld

Oct 31, 2015, 4:53:58 PM
In article <d9jfis...@mid.individual.net>,
Ian Collins <ian-...@hotmail.com> wrote:
>If you are using Solaris >= 11, root is a role, not a user so you can't
>login as root.

To revert root back to a user, see the S11 docs:
<URL:https://docs.oracle.com/cd/E36784_01/html/E37123/rbactask-21.html>

John
groe...@acm.rog

YTC#1

Oct 31, 2015, 5:56:09 PM
Well don't try and answer the question then.

It was always in the plan for root to be a role, well before Oracle got
involved.

It is all to do with security. A lot of features have been around for
many years in Trusted Solaris, it is all natural progression.

Victor Sudakov

Nov 1, 2015, 1:40:07 AM
Stephane T. wrote:

> > So if I need to do something remotely as root (I assume I would use
> > "PermitRootLogin without-password" rather than "yes"), how do I go
> > about it?

> In such case, you should generate a rsa key (ssh-keygen -t rsa), put the
> private in ~/.ssh/ of the remote computer who need root access and the
> public one in the file /root/.ssh/authorized_keys of the server to
> access (the file may need to be created).

Yes, but Solaris would not let me ssh as root either with a password
or with a ssh key, that's the problem.

The problem is NOT that I don't know how to set up ssh publickey
authentication.

Ian Collins

Nov 1, 2015, 2:23:39 AM
Victor Sudakov wrote:
> Stephane T. wrote:
>
>>> So if I need to do something remotely as root (I assume I would use
>>> "PermitRootLogin without-password" rather than "yes"), how do I go
>>> about it?
>
>> In such case, you should generate a rsa key (ssh-keygen -t rsa), put the
>> private in ~/.ssh/ of the remote computer who need root access and the
>> public one in the file /root/.ssh/authorized_keys of the server to
>> access (the file may need to be created).
>
> Yes, but Solaris would not let me ssh as root either with a password
> or with a ssh key, that's the problem.

So take the hint and ssh as the admin user and use sudo.

--
Ian Collins

YTC#1

Nov 1, 2015, 4:29:56 AM
I think he is selectively ignoring the useful replies :-)

Andreas Fenner

Nov 1, 2015, 7:23:51 AM
Not in each case - you can still have root as a user in S11.


Andreas

Casper H.S. Dik

Nov 2, 2015, 1:58:58 AM
Victor Sudakov <v...@mpeks.no-spam-here.tomsk.su> writes:

>Ian Collins wrote:
>> >
>> > I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
>> > What else am I missing that it still does not let me ssh as root?

>> If you are using Solaris >= 11,

>Yes, "Oracle Solaris 11 11/11 X86"

>> root is a role, not a user so you can't login as root.

>Wait, there is the user "root" in /etc/passwd, "finger root" works, I
>can "su -" locally. How come root is not a user?

Try "getent user_attr root" and see if it includes:

type=root

you can change that using:

rolemod -K type=normal root

Casper

Victor Sudakov

Nov 11, 2015, 6:15:04 AM
John D Groenveld wrote:
> >If you are using Solaris >= 11, root is a role, not a user so you can't
> >login as root.

> To revert root back to a user, see the S11 docs:
> <URL:https://docs.oracle.com/cd/E36784_01/html/E37123/rbactask-21.html>

Thank you for the info, but mostly for the useful link therein:
https://docs.oracle.com/cd/E36784_01/html/E37125/sshuser-9.html#OSMSSsshuser-9

That's exactly what I needed remote root access for: "zfs send". I
will use this recipe rather than reverting root back to a user.

Victor Sudakov

Nov 11, 2015, 6:20:04 AM
YTC#1 wrote:
> >>>
> >>> I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
> >>> What else am I missing that it still does not let me ssh as root?
> >
> >> If you are using Solaris >= 11,
> >
> > Yes, "Oracle Solaris 11 11/11 X86"
> >
> >> root is a role, not a user so you can't login as root.
> >
> > Wait, there is the user "root" in /etc/passwd, "finger root" works, I
> > can "su -" locally. How come root is not a user?
> >

> I think you need to do "Solaris 11 intro course" :-)

If you know a good one, please give me a link :-)
I am basically a FreeBSD user and have to deal with Solaris only
occasionally, and not with S11 usually.

> With S11 root is a role not a user, have a look at /etc/user_attr

> This is a security measure, logging in as root is bad.
> With S11 all actions can be assigned to non root accounts, depending on
> what they need.

> By default there is an admin user created at build time, this can
> generally pfexec commands or sudo them

Thank you.

YTC#1

Nov 11, 2015, 7:53:25 AM
On 11/11/2015 11:16, Victor Sudakov wrote:
> YTC#1 wrote:
>>>>>
>>>>> I have set "PermitRootLogin yes" in sshd_config and restarted sshd.
>>>>> What else am I missing that it still does not let me ssh as root?
>>>
>>>> If you are using Solaris >= 11,
>>>
>>> Yes, "Oracle Solaris 11 11/11 X86"
>>>
>>>> root is a role, not a user so you can't login as root.
>>>
>>> Wait, there is the user "root" in /etc/passwd, "finger root" works, I
>>> can "su -" locally. How come root is not a user?
>>>
>
>> I think you need to do "Solaris 11 intro course" :-)
>
> If you know a good one, please give me a link :-)

Well, Oracle do courses .... :-) ... but try this

http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-112-s11-first-steps-524819.html

> I am basically a FreeBSD user and have to deal with Solaris only
> occasionally, and not with S11 usually.

http://www.oracle.com/technetwork/server-storage/solaris11/overview/solaris-matrix-1549264.html

>
>> With S11 root is a role not a user, have a look at /etc/user_attr
>
>> This is a security measure, logging in as root is bad.
>> With S11 all actions can be assigned to non root accounts, depending on
>> what they need.
>
>> By default there is an admin user created at build time, this can
>> generally pfexec commands or sudo them
>
> Thank you.
>



--