You are not logged in.

#1 2020-09-12 17:38:39

Math
Member
Registered: 2011-10-10
Posts: 40

[SOLVED] Can't SSH in as root

I just reinstalled Arch again, but wasn't able to SSH in as root. I tried to add the PermitRootLogin yes option to my /etc/ssh/sshd_config file, but that didn't work. After trying several times, I decided to create a normal user and I was able to SSH in.

I'm not sure why I can't SSH in as root, but I noticed there isn't a #PermitRootLogin line that I can uncomment in my sshd_config file. I had to add it myself, and with VIM the line doesn't light up in a different color like all other lines do when I uncomment them. Is it deprecated?

Last edited by Math (2020-09-12 22:08:03)

Offline

#2 2020-09-12 17:50:42

GaKu999
Member
From: US/Eastern
Registered: 2020-06-21
Posts: 696

Re: [SOLVED] Can't SSH in as root

The line is still there...post your sshd_config file.
And maybe other config files.

More information it’s needed so we can help you.
Command that you are using with parameters?
Redact sensitive information if needed.

Last edited by GaKu999 (2020-09-12 17:51:24)


My reposSome snippets

Heisenberg might have been here.

Offline

#3 2020-09-12 18:15:10

Math
Member
Registered: 2011-10-10
Posts: 40

Re: [SOLVED] Can't SSH in as root

It's actually just a default generated sshd_config file with everything in it commented. I only tried to add the line PermitRootLogin yes and uncommented the line #PasswordAuthentication yes and did a sshd restart.

I'm just using a basic "ssh root@myip-address" command, but getting a "Permission denied, please try again." answer back.
When I do a "systemctl status sshd" it shows me this:

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myip-address user=root
Failed password for root from myip-address port 50777 ssh2

Last edited by Math (2020-09-12 22:08:49)

Offline

#4 2020-09-12 18:51:13

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [SOLVED] Can't SSH in as root

Please post the output of:

# sshd -T

redact anything you do not wish to share.

Offline

#5 2020-09-12 19:07:26

Math
Member
Registered: 2011-10-10
Posts: 40

Re: [SOLVED] Can't SSH in as root

# sshd -T

port 22
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam yes
logingracetime 120
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin without-password
ignorerhosts yes
ignoreuserknownhosts no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
passwordauthentication yes
kbdinteractiveauthentication no
challengeresponseauthentication no
printmotd no
printlastlog yes
x11forwarding no
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
compression yes
gatewayports no
usedns no
allowtcpforwarding yes
allowagentforwarding yes
disableforwarding no
allowstreamlocalforwarding yes
streamlocalbindunlink no
fingerprinthash SHA256
exposeauthinfo no
pidfile /run/sshd.pid
xauthlocation /usr/bin/xauth
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
banner none
forcecommand none
chrootdirectory none
trustedusercakeys none
revokedkeys none
securitykeyprovider internal
authorizedprincipalsfile none
versionaddendum none
authorizedkeyscommand none
authorizedkeyscommanduser none
authorizedprincipalscommand none
authorizedprincipalscommanduser none
hostkeyagent none
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
casignaturealgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256
hostbasedacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
loglevel INFO
syslogfacility AUTH
authorizedkeysfile .ssh/authorized_keys
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
authenticationmethods any
subsystem sftp /usr/lib/ssh/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos af21 cs1
rekeylimit 0 0
permitopen any
permitlisten any
permituserenvironment no
pubkeyauthoptions none

Offline

#6 2020-09-12 19:12:36

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [SOLVED] Can't SSH in as root

permitrootlogin without-password

Will not allow password login for root.

Please post the contents of /etc/ssh/sshd_config again redacting if needed.

Offline

#7 2020-09-12 19:18:06

Math
Member
Registered: 2011-10-10
Posts: 40

Re: [SOLVED] Can't SSH in as root

loqs wrote:
permitrootlogin without-password

Will not allow password login for root.

Please post the contents of /etc/ssh/sshd_config again redacting if needed.

Yeah, that's really weird... For some reason it's ignoring the "PermitRootLogin" line.

#       $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h
PermitRootLogin yes

Offline

#8 2020-09-12 19:27:22

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: [SOLVED] Can't SSH in as root

# This is the ssh client system-wide configuration file.

That should be /etc/ssh/ssh_config you edited instead of /etc/ssh/sshd_config.

Offline

#9 2020-09-12 19:33:38

Math
Member
Registered: 2011-10-10
Posts: 40

Re: [SOLVED] Can't SSH in as root

loqs wrote:
# This is the ssh client system-wide configuration file.

That should be /etc/ssh/ssh_config you edited instead of /etc/ssh/sshd_config.

Omg! lol

I was editing the wrong config file... roll

Works now, thanks! big_smile

Offline

Board footer

Powered by FluxBB