unable to login via SSH

unable to login via SSH

Post by gvelmuru.. » Thu, 29 Dec 2005 20:06:50



Hello All,

I have installed Solaris 9 in my machine.  While I try to login via SSH
its showing permission denied.  But with the same password I am able to
login through telnet.

Where will be the problem  ?

Thanks,
Velmurugan G

 
 
 

unable to login via SSH

Post by tunl » Thu, 29 Dec 2005 20:18:14



> Hello All,

> I have installed Solaris 9 in my machine.  While I try to login via SSH
> its showing permission denied.  But with the same password I am able to
> login through telnet.

> Where will be the problem  ?

> Thanks,
> Velmurugan G

Is  the secure shell daemon  running at all ?
(  pgrep  sshd )
if not therer should be a /etc/init.d/ssh(d)   startup script you need
to activate.

Have You looked at  the /etc/ssh/sshd.conf    file  and  configured it
with
the options you need ?
-  do you want  password login or  passphrase login
-  do you want remote root login  ( not recommended )
-  have you exchanged  cryptographic signatures ( ssh-keygen )
bettween  server and client.

Is  TCP-Wrapper enabled on you server ?
- then you need to allow ssh  in  /etc/hosts.allow

//Lars

 
 
 

unable to login via SSH

Post by gvelmuru.. » Thu, 29 Dec 2005 20:43:39


Hello Lars,

sshd is running but I didnt do these configuration.  Could you tell me
how to proceed with this.

Thanks,
Velmurugan G

 
 
 

unable to login via SSH

Post by Dave » Thu, 29 Dec 2005 20:54:51



> Hello Lars,

> sshd is running but I didnt do these configuration.  Could you tell me
> how to proceed with this.

> Thanks,
> Velmurugan G

Try

$ telnet machine_name 22

That will attept to connect to an ssh server on port 22.

You should see something like this below:

sparrow /export/home/drkirkby % telnet  localhost 22
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-Sun_SSH_1.1

You will not be able to log in via telnet, but it would be useeful to
know if you can see the ssh server.

--
Dave K

http://www.southminster-branch-line.org.uk/

Please note my email address changes periodically to avoid spam.

for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)

 
 
 

unable to login via SSH

Post by Dave » Thu, 29 Dec 2005 20:56:16



> Try

> $ telnet machine_name 22

> That will attept to connect to an ssh server on port 22.

> You should see something like this below:

> sparrow /export/home/drkirkby % telnet  localhost 22
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SSH-2.0-Sun_SSH_1.1

> You will not be able to log in via telnet, but it would be useeful to
> know if you can see the ssh server.

PS
you are not trying to log in as root are you? ssh will be default not
allow that - but neither will telnet, so perhaps that is not your problem.
--
Dave K

http://www.southminster-branch-line.org.uk/

Please note my email address changes periodically to avoid spam.

for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)

 
 
 

unable to login via SSH

Post by gvelmuru.. » Thu, 29 Dec 2005 21:29:17


Yes I am trying to login as root
 
 
 

unable to login via SSH

Post by Dave » Thu, 29 Dec 2005 21:36:31



> Yes I am trying to login as root

If you want to allow that (and I'm no expert on the rights and wrongs of
that), you need to

a) Stop sshd

b) Change the line below from no to a yes.

sparrow /export/home/drkirkby % grep Root /etc/ssh/sshd_config
PermitRootLogin no

c) Restart sshd

There might be a way of getting sshd to re-read the config file without
actually stopping it. Perhaps:

# pkill -HUP sshd

will do that, but I have no idea.

You appear to be allowing telnet login as root. That is considered a
particularly bad practice. If someone has to use another account to get
to root, you can track what account they had  access to.

--
Dave K

http://www.southminster-branch-line.org.uk/

Please note my email address changes periodically to avoid spam.

for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)

 
 
 

unable to login via SSH

Post by gvelmuru.. » Thu, 29 Dec 2005 21:51:24


Great !!! it is working.

Thanks for your support.

Velmurugan G

 
 
 

unable to login via SSH

Post by <ad.. » Fri, 30 Dec 2005 07:06:00




>> Yes I am trying to login as root

> If you want to allow that (and I'm no expert on the rights and wrongs of
> that), you need to

(snip)

Dave's answer is entirely correct, but let me offer an alternate summary.

If you want to login directly as root...

Don't.

Fix your processes, don't break security.