You are not logged in.

#1 2014-03-05 21:54:47

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

[Solved] ssh: can't disallow root login

I'm able to connect as root, despite /etc/ssh/sshd_config being default. I can't even prevent root login by explicitly using

PermitRootLogin no

Can anyone reproduce? Both machines are running Arch and up-to-date.

Last edited by alphaniner (2014-03-06 16:10:19)


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#2 2014-03-05 22:01:59

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 13,572
Website

Re: [Solved] ssh: can't disallow root login

$ ssh root@localhost 
Permission denied (publickey).

;]

That's a solution to use in the interim, I'll see if I can reproduce the problem with PasswordAuthentication enabled.

Edit: Nope. With "PermitRootLogin no", root can't log in on my machine. Could you have multiple conflicting "PermitRootLogin" statements in your config file?

Last edited by WorMzy (2014-03-05 22:10:30)


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2014-03-06 00:11:33

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,414

Re: [Solved] ssh: can't disallow root login

Yeah, mine is telling me that permission is denied due to publickey as well... I would have never noticed had I not stumbled upon this thread.

Offline

#4 2014-03-06 14:39:35

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [Solved] ssh: can't disallow root login

sshd_config is default: I uninstalled, deleted /etc/ssh and reinstalled. But here's the uncommented lines anyway:

$ grep -v "^[[:space:]]*#\|^$" /etc/ssh/sshd_config
AuthorizedKeysFile	.ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no # pam does that
UsePrivilegeSeparation sandbox		# Default for new installations.
Subsystem	sftp	/usr/lib/ssh/sftp-server

Maybe I fat fingered something yesterday, because now it seems that if I add PermitRootLogin no I can't logon as root. But IIRC root should be disallowed by default.

Also just FYI security isn't really a concern for me, I only brought this up in case it's a bug.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#5 2014-03-06 15:55:03

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 13,572
Website

Re: [Solved] ssh: can't disallow root login

Think you're remembering wrong. smile

From man sshd_config:

       PermitRootLogin
              Specifies  whether  root  can  log  in using ssh(1).  The argument must be ``yes'',
              ``without-password'', ``forced-commands-only'', or ``no''.  The default is ``yes''.

Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#6 2014-03-06 16:08:04

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [Solved] ssh: can't disallow root login

Well, that's weird. I know in the past I had to specify PermitRootLogin yes to be able to login as root. I'm sure because it's the only reason I'm even aware of the option...

Oh, well. Sorry for wasting everyone's time.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

Board footer

Powered by FluxBB