Linode Forum
Linode Community Forums
 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic
Author Message
PostPosted: Sun Jun 13, 2004 9:06 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Hopefully someone can point me in the right direction...

Using SSH (via Mandrake Linux on my home PC), I log into my Linode host (login to host works fine), and then attempt to login into my account. However I cannot log in using root - I get 'Login incorrect'. I can log in using a second account I have set up, however when I try su - root (and give root password) it fails and reports 'authentication failure'.

Any ideas? Do I need a password reset for root? Is the root login the same as for webmin (which works fine)? Or perhaps I'm doinf something wrong?


Top
   
 Post subject:
PostPosted: Sun Jun 13, 2004 10:04 am 
Offline
Senior Member
User avatar

Joined: Mon Jun 23, 2003 1:25 pm
Posts: 260
Hi,

The root password is the one you set when you deployed the distribution.

Adam


Top
   
 Post subject:
PostPosted: Sun Jun 13, 2004 2:51 pm 
Offline
Senior Member
User avatar

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
Check your sshd.conf file; this probably has "PermitRootLogin no" (or the "yes" line commented out) in it, rejecting remote root logins.

Under normal circumstances this is a good security principle; don't let people login as root except on the console. It may even be worth while on an linode if your linode account and root accounts have different passwords.

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 5:17 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Hmm, I think that the password I'm typing in is correct. I found the following on ssh.com, and think this is causing my problem:

Quote:
One possible reason for authentication failure is that the remote host computer may have been configured to require several authentication methods to be used. For example both password and public key authentication could be used for increased security. Even if you entered your password correctly, some other required authentication method could have failed. A relatively common situation is one where the remote host computer is expecting public-key authentication and you have not sent your public key to the host.


I haven't done anything on this yet on my Debian install. Has anyone got any instructions they can provide or links to a tutorial?


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 5:56 am 
Offline
Senior Member
User avatar

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
If I understand correctly:
    (1) You have successfully logged in to the machine on which your Linode is hosted and are therefore accessing the (virtual) console of your Linode.
    (2) You are unable to log in as root on the virtual console.

If this is the case then sshd configuration has nothing to do with your inability to log in - ssh (on the Linode host) has successfully connected you to the (virtual) console (when you logged in to hostxx.linode.com) and has no part to play in authenticating logins at the virtual console.

It looks like either the password you are using is incorrect or something has gone seriously wrong with the authentication setup on your Linode.

Your inability to su from another account is likely due to the same cause. Many Linux flavours require regular users to be a member of a particular group (usually 'wheel', but it varies) before they are allowed to su, but if the authentication data for root is screwed up then su isn't going to work anyway.

_________________
/ Peter


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 5:56 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Found a tutorial here:- http://www.suso.org/linux/tutorials/ssh.phtml

I'll try get this working later to see if it solves my problem.

If anyone else has similar links/info then please post them up :)


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 6:50 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
pclissold wrote:
If I understand correctly:
    (1) You have successfully logged in to the machine on which your Linode is hosted and are therefore accessing the (virtual) console of your Linode.
    (2) You are unable to log in as root on the virtual console.
If this is the case then sshd configuration has nothing to do with your inability to log in - ssh (on the Linode host) has successfully connected you to the (virtual) console (when you logged in to hostxx.linode.com) and has no part to play in authenticating logins at the virtual console.

It looks like either the password you are using is incorrect or something has gone seriously wrong with the authentication setup on your Linode.

Your inability to su from another account is likely due to the same cause. Many Linux flavours require regular users to be a member of a particular group (usually 'wheel', but it varies) before they are allowed to su, but if the authentication data for root is screwed up then su isn't going to work anyway.


Looks like you posted this before my second post above!

Yes, thinking about it more then perhaps it has to do with 'wheel' or perhaps root password is after all incorrect (?).

I will investigate some more in Webmin...will keep you posted.


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 7:14 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Sounds to me like you need to reset the root password.

Not being able to "su -" is a dead give-away since it doesn't sound like PermitRootLoign in sshd_conf or lack of tty0 in /etc/securetty for root console login. No idea about su's group requirements (never heard of that before)..

-Chris


Top
   
 Post subject:
PostPosted: Mon Jun 14, 2004 8:16 pm 
Offline
Senior Newbie

Joined: Wed Mar 31, 2004 9:17 pm
Posts: 11
I would definitely agree on the lack of ssh being at fault if you are only attempting to ssh in and then elevate your permissions to root using su -.

If you have not tampered with /etc/securetty and you cannot login as root from the login console obtained from sshing to the linode host, more than likely you simply have the wrong root password.

As far as group requirements for su, a good portion of linux distributions today are requiring a user be part of a particular group in order to su up to the root user, even if you know the password. This inhibits (not prevents) a rouge user from abusing use of a password they should not know. If ssh as root is disabled or set to without-password (i.e. key based only) and their user is not part of the special group required for su, it makes it significantly more difficult to abuse the knowledge if they cannot get to a console login such as the one available in a screen from lish on your linode host.

Look for a line similar to "auth required /lib/security/pam_wheel.so use_uid" in /etc/pam.d (or wherever your distribution keeps it's pam config files), that is of course assuming you are using pam. If this is the case, you need to add your regular user account to the wheel group in /etc/groups.


Top
   
 Post subject:
PostPosted: Tue Jun 15, 2004 10:27 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Hoping to take another look at this again tonight (European time).

If I need to reset the root password, how can I do this? Can it be done through Webmin, and if so how?

Thanks :)


Top
   
 Post subject:
PostPosted: Tue Jun 15, 2004 5:16 pm 
Offline
Senior Newbie

Joined: Wed Mar 31, 2004 9:17 pm
Posts: 11
efc wrote:
If I need to reset the root password, how can I do this? Can it be done through Webmin, and if so how?


FAQ's are your friend. http://www.linode.com/products/faq.cfm?id=4

I am not sure on using webmin to reset a root password, I only use bashmin. ;)


Top
   
 Post subject:
PostPosted: Tue Jun 15, 2004 5:18 pm 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Heh, managed to reset using Webmin, so I'm in now! :)

Now trying to get SSL working for HTTPS, but I'm tearing my hair out!

Ah well, time to pack it in, Big Brother is on ;)


Top
   
 Post subject:
PostPosted: Wed Jun 16, 2004 4:42 pm 
Offline
Senior Member

Joined: Fri Feb 13, 2004 11:30 am
Posts: 140
Location: England, UK
If everything goes wrong, then wouldn't it be possible to shut the machine down, modify the profile to give the kernel parameter "single", start it up, ssh into the console and then use "passwd" to change root's password from there? That seems like it would work.


Top
   
 Post subject:
PostPosted: Wed Jun 16, 2004 4:58 pm 
Offline
Linode Staff
User avatar

Joined: Tue Apr 15, 2003 6:24 pm
Posts: 3090
Website: http://www.linode.com/
Location: Galloway, NJ
Distros vary on what they do in "single" mode.

Another way would be to deploy a small Debian profile, add your old root disk image to /dev/ubdc, boot the debian profile, mount /dev/ubdc someplace, and hack away (copy the password field from Debian's /etc/shadow to the old root's /etc/shadow, or the like)...

-Chris


Top
   
 Post subject:
PostPosted: Thu Jun 17, 2004 6:01 am 
Offline
Senior Newbie

Joined: Thu Jun 10, 2004 6:06 am
Posts: 19
Location: Ireland
Sure am glad that I got it working so!

Just as a side note, while trying out some things to allow me login I recreated a new set of SSH RSA keys on my Debian host. That caused a 'middle man hacker attempt' message to appear on my SSH session which refused me connection. Eventually I figured out that my Mandrake ssh session config file had the old auth key - just edited the local Mandrake file using vi (I love vi!) and deleted the offending entry. I retried the SSH connection which then resent the new correct key which was stored on my local PC again - and then I was in. :)

Might come in useful if anyone else encounters this problem.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group