Web lists-archives.com

Re: Peculiar problem with root login




David Christensen <dpchrist@xxxxxxxxxxxxxxxx> writes:

> On 06/12/2017 06:39 AM, Harry Putnam wrote:
>> Running debian jesse in a vbox vm on a Solaris host
>>
>> I have what seems like an unusual problem with root login on this
>> host.

[...]

>> I'm fresh out of ideas as to what else to do here.
>>
>> The auth log shows:
>>
>>   Jun 11 14:50:55 d2 sshd[2830]: pam_unix(sshd:auth): authentication
>>   failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=d.local.lan
>>   user=root
>>
>>   Jun 11 14:50:57 d2 sshd[2830]: Failed password for root from
>>   127.0.0.1 port 54522 ssh2
>
> Please run the following commands from the console of the jesse vm as
> root and paste your console session (prompts, commands entered, output
> obtained).  If you redact anything, substitute the phrase
> '<redacted>':
>
> # cat /etc/debian_version
>
> # uname -a
>
> # dpkg-query --show openssh-server
>
> # dpkg-query --show openssh-client
>
> # ls -1 /etc/ssh/*ssh*
>
> # ls -1 /root/.ssh
>
> # egrep -v '^.*#' /etc/ssh/sshd_config | grep .
>
> # ssh localhost
>
> # tail /var/log/auth.log

Thanks for the prod... I should have included at least some of that.

-------       -------       ---=---       -------       -------

diagnostic_data:

root # cat /etc/debian_version
8.8

root # uname -a
Linux d2 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux

root # dpkg-query --show openssh-server
openssh-server  1:6.7p1-5+deb8u3

root # dpkg-query --show openssh-client
openssh-client  1:6.7p1-5+deb8u3

root # ls -1 /etc/ssh/*ssh*
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/etc/ssh/sshd_config~
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ecdsa_key.pub
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub

root # egrep -v '^.*#' /etc/ssh/sshd_config | grep .
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
PermitRootLogin yes

root # ssh localhost
root@localhost's password:
Permission denied, please try again.
root@localhost's password:

 **** Could not login **** -ed Harry

root # tail /var/log/auth.log
Jun 18 11:43:17 d2 sshd[1894]: Accepted password for reader from 192.168.1.42 port 40945 ssh2
Jun 18 11:43:17 d2 sshd[1894]: pam_unix(sshd:session): session opened for user reader by (uid=0)
Jun 18 11:43:17 d2 systemd-logind[477]: New session 185 of user reader.
Jun 18 11:43:17 d2 sshd[1897]: Setting tty modes failed: Invalid argument
Jun 18 11:43:59 d2 su[1917]: Successful su for root by reader
Jun 18 11:43:59 d2 su[1917]: + /dev/pts/4 reader:root
Jun 18 11:43:59 d2 su[1917]: pam_unix(su:session): session opened for user root by reader(uid=1000)
Jun 18 11:45:56 d2 sshd[1963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=d.local.lan  user=root
Jun 18 11:45:58 d2 sshd[1963]: Failed password for root from 127.0.0.1 port 54526 ssh2
Jun 18 11:46:03 d2 sshd[1963]: Connection closed by 127.0.0.1 [preauth]