Trying to ssh root, why get permssion denied in 16.04?
In Ubuntu, the default SSH policy is "Deny root login via SSH directly, except by SSH Key Authentication only." This is done by the PermitRootLogin without-password
line of /etc/ssh/sshd_config
.
You can enable root password login over SSH by changing that line to say PermitRootLogin yes
. However I must caution you - this permits brute forcing attempts over the Internet of the root
password which puts your server at risk - you may wish to consider blocking all SSH traffic except from known "good IP sources" of which you trust the source IPs in order to reduce the chance of being brute-forced on the root login. Where this is not possible, you should strongly consider setting up SSH key authentication for the root account instead of password authentication.
Related videos on Youtube
user1773592
Updated on September 18, 2022Comments
-
user1773592 over 1 year
I'm trying to set up passwordless ssh between root accounts in 16.04 (needed for Hadoop installs). I set up a password for root by
sudo su - root
andpasswd
.When I try e.g.
ssh -l root slave3
orssh-copy-id -i $HOME/.ssh/id_rsa_root.pub root@master
I get
Permission denied, please try again.
I have tried all the advice I can find i.e. making the following edits (one at a time) to /etc/ssh/sshd_config:
PermitRootLogin without-password PermitRootLogin yes RSAAuthentication yes PubkeyAuthentication yes #StrictModes yes UsePAM no AllowUsers root hduser
Followed by
sudo service ssh reload
after each, but still I get permission denied. Any help is much appreciated.-
Videonauth almost 8 yearsDo you run
ufw
or any other firewall on any of the machines? Then make sure port 22 is open for in and out communication. -
user1773592 almost 8 yearsI don't think so, how do I check 22 is open, I'm pretty new to this stuff.
-
-
user1773592 almost 8 yearsThanks but I tried both those things and still get permission denied.
-
Thomas Ward almost 8 yearsDid you comment out the
without-password
line or leave it in uncommented? (looking back at the edits you said you did) -
user1773592 almost 8 yearsAh that was the problem, I commented out the without-password line and it let me login. Still not sure how I set up password less root though! Thanks for your help, much appreciated!!
-
Thomas Ward almost 8 years@user1773592 Use the
ssh-copy-id
command again. Alternatively, copy your public key by hand into/root/.ssh/authorized_keys
on the server and then try and logon again. If the ssh works without password prompt then you are good to uncomment thewithout-password
line and comment out theyes
line and all should then work. -
user1773592 almost 8 yearsWith 'yes' ssh-copy-id worked fine but the logon asks for a password and then logs in OK. With 'without-password' (or with neither) I get permission denied.