Web Hosting Talk






PDA

View Full Version : no access for root with putty

joachim
04-09-2002, 06:29 PM
Hello,

I use putty for my server and it worked nice all the time.
Now, the connection was refused say the fingerprints of the host doesn´t match the
cached fingerprints.
I cannot login as root, however, via a different user and then su.
I changed the pw of root using passwd and webmin
allows access, but not ssh. I tried also teraterm, but no access.

WHAT IS THAT??????? Any ideas ? Thanks in advance,

Joachim
Mike the newbie
04-09-2002, 06:42 PM
It is usually good practice to log in as a wheeled-user then su to root.

Having said that... :D

Did you change the config of ssh on your server (/etc/sshd.config)? Did you recompile or reinstall sshd?

If you delete your local cached fingerprints, putty will ask for and receive a new set. Maybe that will let you in.

But your main concern should be what happened to cause this problem? so that you can prevent it from happening again.


As a rule on my servers, I have two completely separate copies of sshd running, each listening on a different port and using a completely separate config file. I only change one at a time, so I have a fall-back if I goof up somewhere.
joachim
04-09-2002, 06:50 PM
Hello,

I did nothing - I just started from my w98 pc the putty. frankly to say, I have no idea how to change the ssh config.
It looks like that:

# Host *
#ForwardAgent yes
#ForwardX11 yes
#RhostsAuthentication yes
#RhostsRSAAuthentication yes
#RSAAuthentication yes
#TISAuthentication no
#PasswordAuthentication yes
#FallBackToRsh yes
#UseRsh no
#BatchMode no
#StrictHostKeyChecking no
#IdentityFile ~/.ssh/identity
#Port 22
#Cipher idea
#EscapeChar ~


On windows, is there a local fingerprint
( registry?)

I am a little concerned as 2 times a hacker
used my server for sending mails.

Joachim
taz0
04-09-2002, 06:53 PM
Originally posted by joachim
Hello,

I did nothing - I just started from my w98 pc the putty. frankly to say, I have no idea how to change the ssh config.
It looks like that:

# Host *
#ForwardAgent yes
#ForwardX11 yes
#RhostsAuthentication yes
#RhostsRSAAuthentication yes
#RSAAuthentication yes
#TISAuthentication no
#PasswordAuthentication yes
#FallBackToRsh yes
#UseRsh no
#BatchMode no
#StrictHostKeyChecking no
#IdentityFile ~/.ssh/identity
#Port 22
#Cipher idea
#EscapeChar ~


On windows, is there a local fingerprint
( registry?)

I am a little concerned as 2 times a hacker
used my server for sending mails.

Joachim

Check in your sshd_config for:
PermitRootLogin yes
joachim
04-09-2002, 07:03 PM
it is not there.

So should I write it into the sshd-config?
Joachim
taz0
04-09-2002, 08:08 PM
Originally posted by joachim
it is not there.

So should I write it into the sshd-config?
Joachim

Yes and then restart sshd.
StevenG
04-10-2002, 01:14 AM
I'd leave root login dis-abled and keep su to root for ssh access.

I'm paranoid though.
joachim
04-10-2002, 07:32 PM
yes you have reason for paranoia.

At least I found out that my server was hacked,
programs like dsniff were installed.
I am now transporting all sites to a new server
and kill the other installation.

However, thanks for your help!


joachim