Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
Thanks Ritesh
One thing to check might be to make sure root login is enabled. Look for this line in your /etc/ssh/sshd-config *PermitRootLogin yes*
2008/1/30 Ritesh Yeole ritesh.yeole@gmail.com:
Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
Thanks Ritesh
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
On Wed, 2008-01-30 at 11:36 +0530, Anoop Chandran wrote:
One thing to check might be to make sure root login is enabled. Look for this line in your /etc/ssh/sshd-config PermitRootLogin yes
Not always a brilliant thing to do. It can be better to disallow root logins, forcing users to login as themselves, then become root.
Tim wrote:
On Wed, 2008-01-30 at 11:36 +0530, Anoop Chandran wrote:
One thing to check might be to make sure root login is enabled. Look for this line in your /etc/ssh/sshd-config PermitRootLogin yes
Not always a brilliant thing to do. It can be better to disallow root logins, forcing users to login as themselves, then become root.
You might also ask why the OP is using a root a/c to ssh *from*: "[root@ndtest ~]# ssh ultra"?
On Wed, 2008-01-30 at 09:35 +0000, Ian Malone wrote:
You might also ask why the OP is using a root a/c to ssh *from*: "[root@ndtest ~]# ssh ultra"?
I wonder if that's a problem, though? I don't recall reading anything that it would be. I can imagine that if you were administering a network, you might start on the local machine, then move on.
Ritesh Yeole wrote:
Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey).
snip<<<
possiblity one - remote root login via ssh is denied (by config)(a damn *good* idea! ...always log in as a regular user and then su to root, makes for much better security) - the command would be "ssh user@ultra")
possibility two - root login is allowed (damn *bad* idea!) and you have the wrong password
possibility three - keys are fouled... try removing the key for the host in question (typically found in ~/.ssh/known/hosts though there may be a /etc/ssh/ssh_known_hosts file to check as well) and try again
I'm sure there's a fourth possibility but I can't think of it for the life of me right now... 8^) -- Steve Lindemann __ Network Administrator //\ ASCII Ribbon Campaign Marmot Library Network, Inc. \// against HTML/RTF email, url: http://www.marmot.org //\ vCards & M$ attachments email: mailto:steve@marmot.org voice: +1.970.242.3331 ext 116 fax: +1.970.245.7854
Ritesh Yeole wrote:
Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
Thanks Ritesh
The default sshd setup does NOT allow root to log in. It is usually a bad idea to root logins from the Internet because it exposes the root account to automated cracking attempts. If you must allow root logins from the internet, at least limit it to using key pairs. If you can, also limit it to connections for a specific IP address, or range of addresses.
As others have said, it is better to log in as a normal user, and then become root. It does not eliminate automated attacks, but it does make them harder.
As a side note, it is not a good idea to be to be logged in as root unless you are doing something that requires it. You are better off running ssh as a normal user when connecting to another box.
Mikkel
On 30/01/2008, Mikkel L. Ellertson mikkel@infinity-ltd.com wrote:
The default sshd setup does NOT allow root to log in.
I thought the Fedora default was to allow it, /etc/ssh/sshd_config has that '#PermitRootLogin yes' which I took to indicate the default.
Mikkel L. Ellertson wrote:
Ritesh Yeole wrote:
Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
Thanks Ritesh
The default sshd setup does NOT allow root to log in. It is usually a
Really? 20:01 [summer@numbat ~]$ root 172.17.0.11 The authenticity of host '172.17.0.11 (172.17.0.11)' can't be established. RSA key fingerprint is eb:68:48:61:00:9a:24:ce:81:51:ed:d9:82:b9:92:96. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.17.0.11' (RSA) to the list of known hosts. root@172.17.0.11's password: Last login: Thu Jan 31 06:01:38 2008 [root@localhost ~]#
That's a freshly-installed CentOS5 box. I don't imagine the CentOS folk changed that.
bad idea to root logins from the Internet because it exposes the root account to automated cracking attempts. If you must allow root logins from the internet, at least limit it to using key pairs. If you can, also limit it to connections for a specific IP address, or range of addresses.
Rat-limiting with iptables is good. Blocking China. Japan, USA, Mexico is good if you don't live there.
As others have said, it is better to log in as a normal user, and then become root. It does not eliminate automated attacks, but it does make them harder.
I limit ssh from most of the world to five/hour. It makes it dashed hard to guess even a weak password.
Ritesh Yeole wrote, On 01/30/2008 12:26 AM:
Dear Sir,
What the others say about root logins still stands, including that it may or may not be disabled in /etc/ssh/sshd_config.
I want to ssh to my client ,there is sonic-firewall .In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
AFAIK, regarding your actual question: ultra allows only publickey auth. raisoni allows publickey, gssapi-with-mic and password.
And assuming you know and used the right password on raisoni for root, then it does not allow root logins through ssh.
Ritesh Yeole wrote:
Dear Sir, I want to ssh to my client ,there is sonic-firewall .
In firewall static ip nat with server ip Now i want to ssh it then it ask for password but when passwd put is says= [root@ndtest ~]# ssh ultra root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied, please try again. root@ultra's password: Permission denied (publickey). =================[root@ndtest ~]# ssh raisoni root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied, please try again. root@raisoni's password: Permission denied (publickey,gssapi-with-mic,password). [root@ndtest ~]#
Plz tell me what is difference between them and how it is solved.
Thanks Ritesh
you need the correct passwords
-
Anoop Chandran -
Brian Chadwick -
Ian Malone -
John Summerfield -
Mikkel -
Ritesh Yeole -
Steve Lindemann -
Tim -
Todd Denniston