Re: authentication failure

To: debian-user@lists.debian.org
Subject: Re: authentication failure
From: Tarek Soliman <tarek-spam@zeusmail.bounceme.net>
Date: Mon, 12 Mar 2007 14:06:45 -0500
Message-id: <[🔎] 20070312190645.GA14553@zeus.olympus>
In-reply-to: <[🔎] 45F59F5C.7010001@acu.edu>
References: <[🔎] BAY23-F9729EDFC4DA4A3652827CB47D0@phx.gbl> <[🔎] 45F59F5C.7010001@acu.edu>

On Mon, Mar 12, 2007 at 01:43:40PM -0500, Kent West wrote:
> So you can log in locally at the terminal as a normal user and then "su
> - root" successfully,
> but you can not log in via ssh as that same normal user and then "su -
> root" successfully.
> 
> I don't know of any mechanism that would cause this (but then, I'm not
> an ssh expert), except perhaps that the password is not being
> communicated properly over the ssh link.
> 

There is a built-in safeguard againt the bad practice of logging in as
root (as opposed to regular user then su/sudo/...)
In /etc/ssh/sshd.conf there is a line:
PermitRootLogin no

There is also the AllowUsers line to limit ssh login to certain users.

I suggest reading the "Securing Debian" howto.

Do not log in as root via ssh or even allow it.
There are reasons why the default in Debian is PermitRootLogin no

Instead, log in as a regular user and then su to root.

If there is a reason you need to log in as root for (instead of logging
in as you and then su-ing to root) let us know and we'll tell you ways
to get around that without allowing root logins

-- 
Tarek

Reply to:

Follow-Ups:
- Re: authentication failure
  - From: Andrei Popescu <andreimpopescu@gmail.com>

References:
- Re: authentication failure
  - From: "semgogo sem" <semgogo@hotmail.com>
- Re: authentication failure
  - From: Kent West <westk@acu.edu>

Prev by Date: Re: authentication failure
Next by Date: Re: PayPal - Limited account access -
Previous by thread: Re: authentication failure
Next by thread: Re: authentication failure
Index(es):
- Date
- Thread