sshd not working

I installed Fedora 3 on a friend's computer. It's working fine but I
thought I would set up remote access for myself to clear up any problems
that might arise. The computer is on a local network behind an ADSL
modem configured as a firewall and router. So I configured the router to
forward port 22 to the Linux box. I believe I can reach the Linux box
because I get a password dialogue. But it's not accepting what I know is
the proper password. I haven't changed the default /etc/ssh/sshd_config.
The sshd daemon is running. What have I forgotten?

Bob T.

Bob Tennent wrote:

>I installed Fedora 3 on a friend's computer. It's working fine but I
>thought I would set up remote access for myself to clear up any problems
>that might arise. The computer is on a local network behind an ADSL
>modem configured as a firewall and router. So I configured the router to
>forward port 22 to the Linux box. I believe I can reach the Linux box
>because I get a password dialogue. But it's not accepting what I know is
>the proper password. I haven't changed the default /etc/ssh/sshd_config.
>The sshd daemon is running. What have I forgotten?
>
>Bob T.
>
>

If you are trying to log-in as root you need to set "PermitRootLogin
yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.

Mihai

On Fri, 15 Apr 2005 16:12:46 +0200, Mihai Osian wrote:
> Bob Tennent wrote:
>
>>I installed Fedora 3 on a friend's computer. It's working fine but I
>>thought I would set up remote access for myself to clear up any problems
>>that might arise. The computer is on a local network behind an ADSL
>>modem configured as a firewall and router. So I configured the router to
>>forward port 22 to the Linux box. I believe I can reach the Linux box
>>because I get a password dialogue. But it's not accepting what I know is
>>the proper password. I haven't changed the default /etc/ssh/sshd_config.
>>The sshd daemon is running. What have I forgotten?
>>
>
> If you are trying to log-in as root you need to set "PermitRootLogin
> yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.

Thanks. The default sshd_config has

#PermitRootLogin yes

which is *supposed* to mean that the default is yes but I guess it's
conceivable that it's lying.

Bob T.

Bob Tennent wrote:
> On Fri, 15 Apr 2005 16:12:46 +0200, Mihai Osian wrote:
> > Bob Tennent wrote:
> >
> >>I installed Fedora 3 on a friend's computer. It's working fine but I
> >>thought I would set up remote access for myself to clear up any problems
> >>that might arise. The computer is on a local network behind an ADSL
> >>modem configured as a firewall and router. So I configured the router to
> >>forward port 22 to the Linux box. I believe I can reach the Linux box
> >>because I get a password dialogue. But it's not accepting what I know is
> >>the proper password. I haven't changed the default /etc/ssh/sshd_config.
> >>The sshd daemon is running. What have I forgotten?
> >>
> >
> > If you are trying to log-in as root you need to set "PermitRootLogin
> > yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.
>
> Thanks. The default sshd_config has
>
> #PermitRootLogin yes
>
> which is *supposed* to mean that the default is yes but I guess it's
> conceivable that it's lying.


I'd keep the root login disabled with the current rate of SSH
brute-force script-kiddy crackers around. I got tired of the
filling of auth.log with such attempts and even moved the daemon
to a different port.

If you need root acess, just log in with a normal user (and please
use a non-obvious username) and then su to root - makes the thing
a little more difficult for the undesired guests.

--

Tauno Voipio
tauno voipio (at) iki fi

On Fri, 15 Apr 2005 18:37:50 GMT, Tauno Voipio wrote:
> Bob Tennent wrote:
>> On Fri, 15 Apr 2005 16:12:46 +0200, Mihai Osian wrote:
>> > Bob Tennent wrote:
>> >
>> >>I installed Fedora 3 on a friend's computer. It's working fine but I
>> >>thought I would set up remote access for myself to clear up any problems
>> >>that might arise. The computer is on a local network behind an ADSL
>> >>modem configured as a firewall and router. So I configured the router to
>> >>forward port 22 to the Linux box. I believe I can reach the Linux box
>> >>because I get a password dialogue. But it's not accepting what I know is
>> >>the proper password. I haven't changed the default /etc/ssh/sshd_config.
>> >>The sshd daemon is running. What have I forgotten?
>> >>
>> >
>> > If you are trying to log-in as root you need to set "PermitRootLogin
>> > yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.
>>
>> Thanks. The default sshd_config has
>>
>> #PermitRootLogin yes
>>
>> which is *supposed* to mean that the default is yes but I guess it's
>> conceivable that it's lying.
>
> I'd keep the root login disabled with the current rate of SSH
> brute-force script-kiddy crackers around. I got tired of the
> filling of auth.log with such attempts and even moved the daemon
> to a different port.
>
> If you need root acess, just log in with a normal user (and please
> use a non-obvious username) and then su to root - makes the thing
> a little more difficult for the undesired guests.

Hmm. Maybe I need a script kiddy to crack the box for me because I can't
do it even with the password! :+) But thanks for the advice.

In comp.os.linux.networking Tauno Voipio <(E-Mail Removed)>:
> Bob Tennent wrote:
>> On Fri, 15 Apr 2005 16:12:46 +0200, Mihai Osian wrote:
>> > Bob Tennent wrote:

[ Can't login via ssh ]

>> > If you are trying to log-in as root you need to set "PermitRootLogin
>> > yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.
>>
>> Thanks. The default sshd_config has
>>
>> #PermitRootLogin yes
>>
>> which is *supposed* to mean that the default is yes but I guess it's
>> conceivable that it's lying.

No it isn't, the default is not to allow direct root ssh logins.

> I'd keep the root login disabled with the current rate of SSH
> brute-force script-kiddy crackers around. I got tired of the
> filling of auth.log with such attempts and even moved the daemon
> to a different port.

> If you need root acess, just log in with a normal user (and please
> use a non-obvious username) and then su to root - makes the thing
> a little more difficult for the undesired guests.

Full ack, if you really think you have to open port 22 for the
rest of the world, disable root logins. Disabling password logins
completely and using key-login is another idea to enhance
security.


--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 141: disks spinning backwards - toggle the
hemisphere jumper.

Bob Tennent wrote:
> On Fri, 15 Apr 2005 16:12:46 +0200, Mihai Osian wrote:
> > Bob Tennent wrote:
> >
> >>I installed Fedora 3 on a friend's computer. It's working fine but I
> >>thought I would set up remote access for myself to clear up any problems
> >>that might arise. The computer is on a local network behind an ADSL
> >>modem configured as a firewall and router. So I configured the router to
> >>forward port 22 to the Linux box. I believe I can reach the Linux box
> >>because I get a password dialogue. But it's not accepting what I know is
> >>the proper password. I haven't changed the default /etc/ssh/sshd_config.
> >>The sshd daemon is running. What have I forgotten?
> >>
> >
> > If you are trying to log-in as root you need to set "PermitRootLogin
> > yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.
>
> Thanks. The default sshd_config has
>
> #PermitRootLogin yes
>
> which is *supposed* to mean that the default is yes but I guess it's
> conceivable that it's lying.
>
> Bob T.

see the # at the beginning
that means anything after it is a comment
remove it if you really want ot allow root access

On Sat, 16 Apr 2005 04:00:15 GMT, SEND NO SPAM wrote:
>> >
>> >>I installed Fedora 3 on a friend's computer. It's working fine but I
>> >>thought I would set up remote access for myself to clear up any problems
>> >>that might arise. The computer is on a local network behind an ADSL
>> >>modem configured as a firewall and router. So I configured the router to
>> >>forward port 22 to the Linux box. I believe I can reach the Linux box
>> >>because I get a password dialogue. But it's not accepting what I know is
>> >>the proper password. I haven't changed the default /etc/ssh/sshd_config.
>> >>The sshd daemon is running. What have I forgotten?
>> >
>> > If you are trying to log-in as root you need to set "PermitRootLogin
>> > yes" in /etc/ssh/sshd_config, otherwise you get exactly what you describe.
>>
>> Thanks. The default sshd_config has
>>
>> #PermitRootLogin yes
>>
>> which is *supposed* to mean that the default is yes but I guess it's
>> conceivable that it's lying.
>
> see the # at the beginning
> that means anything after it is a comment
> remove it if you really want ot allow root access

This is what I was referring to:

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Bob T.