ruckus
Dec 5 2003, 10:27 PM
I am running ensim 3.1.12 to start off with,
I did the disable direct root login on ssh howto and it worked until I updated to 3.1.12; now root logs in directly. /etc/ssh/sshd_config still shows
permitrootlogin NO
and
protocol 2
What could be the reason it doesn't work anymore, and how can I fix it?
TIA
eth00
Dec 5 2003, 11:44 PM
did you restart ssh?
service sshd restart
ruckus
Dec 6 2003, 12:54 AM
many times
smoker
Dec 6 2003, 12:44 PM
How do you know it still permits it?
I mean, what caused you to try to login directly as root if you have it disabled.
Oh BTW, the line should look like this
PermitRootLogin no
ruckus
Dec 6 2003, 04:27 PM
I know because if I open putty and login using root it goes in. It used to say access denied and I had to login as another user and su - to it. And yes, it does look like that. Like I said, it used to work fine until I updated ensim; now it doesn't, but the file looks the same, forcing protocol2 and PermitRootLogin No.
DigitalT
Dec 6 2003, 04:51 PM
time to update your ssh version to 3.7.1p2 mate

How-to's are on this board; search for ssh 3.6 and you will find one.
Enjoy.
ruckus
Dec 6 2003, 05:37 PM
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6b [engine] 9 Jul 2001
still have the root login problem
smoker
Dec 7 2003, 07:07 AM
I hate to suggest it, but if the sshd_config file is correct, but it is being ignored then maybe your system has been r00ted.
Was the root login available immediately after the upgrade to 3.1.12 or not?
This was the point of my previous question. How often did you check to see if the root login was available?
Personally I would check it once after setting the config up, then never bother trying after that.
That's why I was interested in what made you check to see if you could log in as root directly.
I have my config as denying any plain text password logins anyway, just using public key logins now. You might want to try that out and disable the text login completely. At least that would prevent any attacker using the root login.
ruckus
Dec 7 2003, 11:32 AM
Well, I didn't check it right after the update; I just noticed that was the only real change I made before I noticed it.
What exactly is R00ted? Is there a fix for it? Is there a howto on changing the plain text passwords without locking myself out?
I'm still learning this stuff as I go, so if they sound like n00b questions it's probably because I am still a n0b in a lot of ways with Linux.
DigitalT
Dec 7 2003, 12:50 PM
QUOTE
Originally posted by ruckus
Well, I didn't check it right after the update; I just noticed that was the only real change I made before I noticed it.
What exactly is R00ted? Is there a fix for it? Is there a howto on changing the plain text passwords without locking myself out?
I'm still learning this stuff as I go, so if they sound like n00b questions it's probably because I am still a n0b in a lot of ways with Linux.
Time to order a restore.
Rooted means that you lost potential control of your server: a scriptkiddie smacked a door, walked in and damaged your system, potentially.
So get a restore. Make IT SECURE, follow the how-to's.
-- sorry for the little shout --
Do you care to tell me some more information about your server: cp, apache, php, mysql, ssh versions, and did you leave telnet on?
These are a few things that you need to know before you know make a diagnostic of what is hurt.
char
Dec 7 2003, 12:55 PM
You guys are jumping WAY ahead of the situation here.
'smoker' simply suggested that it MIGHT be rooted - which of course is a possibility, but telling him to order a restore right now, without even considering any other explanations, is crazy.
Being that he's not familiar with Linux makes it even more likely that he hasn't configured ssh / upgraded ensim correctly.
DigitalT
Dec 7 2003, 12:58 PM
QUOTE
Originally posted by char
You guys are jumping WAY ahead of the situation here.
'smoker' simply suggested that it MIGHT be rooted - which of course is a possibility, but telling him to order a restore right now, without even considering any other explanations, is crazy.
Being that he's not familiar with Linux makes it even more likely that he hasn't configured ssh / upgraded ensim correctly.
may that be why I ask some more info.
But if it keeps allowing root logins it's not good, and if he says he put PermitRootLogin to No, we may believe what he says, do we?
If he didn't upgrade ensim correctly, then he has to pay the price and should get a system restore; then he has a good running Ensim again.
ruckus
Dec 7 2003, 01:27 PM
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.6b (this was just upgraded from the 3.6x forget exactly)
Ensim 3.1.12-9 (did have a problem from 3.1.10 - 3.1.11 where it froze for a long time and needed a server reboot)
apache-1.3.27-ensim3
php 4.2.2
mysql Ver 11.18 Distrib 3.23.58, for pc-linux (i686)
telnet was disabled and the port was blocked by apf
I was basically doing all the Froggy updates I found on the forum: apf, clam, etc.
/edit hmm, I also noticed this in my log that's emailed to me every morning:
/etc/cron.daily/clamav:
connect(): Connection refused
ERROR: Can't connect to clamd.
ruckus
Dec 7 2003, 01:51 PM
ohh and my sshd_config is
CODE
# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 600
PermitRootLogin No
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
PV-Patrick
Jul 29 2004, 02:49 PM
Not sure but is it case sensitive? Try making No->no.
I don't know if that is the problem but might try it.
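Added example, not part of the thread: a shell check over the active lines of the config posted above. Per sshd_config(5), keywords are case-insensitive, arguments are case-sensitive, and the first value obtained for a keyword is the one used; the function names and the temp-file sample are constructed for illustration.

```shell
#!/bin/sh
# Report the value an sshd_config file assigns to a keyword and compare it
# with the documented lowercase argument a hardening how-to expects.

# effective_value FILE KEYWORD
# Prints the argument of the first uncommented line whose keyword matches
# KEYWORD case-insensitively (first obtained value wins).
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# check_keyword FILE KEYWORD EXPECTED
# Prints one of: ok, case-mismatch, differs, unset.
check_keyword() {
    val=$(effective_value "$1" "$2")
    if [ -z "$val" ]; then
        echo "unset"            # only commented out or absent: built-in default applies
    elif [ "$val" = "$3" ]; then
        echo "ok"
    elif [ "$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')" = "$3" ]; then
        echo "case-mismatch"    # right word, but not in the documented case
    else
        echo "differs"
    fi
}

# Constructed sample: the uncommented lines of the config posted in the thread.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#Port 22
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin No
PasswordAuthentication yes
PermitEmptyPasswords no
X11Forwarding yes
EOF

for spec in "PermitRootLogin no" "PasswordAuthentication no" "Protocol 2"; do
    set -- $spec
    printf '%-24s want=%-3s -> %s\n' "$1" "$2" "$(check_keyword "$sample" "$1" "$2")"
done
```

This inspects one file only; it does not show which configuration file the running sshd actually loaded.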