Bug 573808 - sshd blocks remote root access
Summary: sshd blocks remote root access
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Release Media
Classification: Unclassified
Component: InstallCD
Hardware: AMD64 Linux
Importance: Normal minor with 1 vote
Assignee: Gentoo Release Team
Duplicates: 574400 575284 577408
Reported: 2016-02-04 00:21 UTC by Joshua Gentry
Modified: 2016-07-29 22:39 UTC
Description Joshua Gentry 2016-02-04 00:21:13 UTC
This could be fixed with documentation or how sshd is configured.  In the "welcome" screen on boot up, it displays:

To start an ssh server on this system, type "/etc/init.d/sshd start".  If you
need to log in remotely as root, type "passwd root" to reset root's password
to a known value.

However, you MUST also add in /etc/ssh/sshd_config:

PermitRootLogin yes

Otherwise root's authentication keeps failing; /var/log/messages shows:

Feb  3 23:47:36 livecd sshd[13537]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1  user=root
Feb  3 23:47:38 livecd sshd[13535]: error: PAM: Authentication failure for root from 127.0.0.1

So either the blurb in the welcome screen should be updated or the default sshd_config file should be updated.


Reproducible: Always

Steps to Reproduce:
1. /etc/init.d/sshd start 
2. passwd root
3. **Enter password twice**
4. ssh localhost
5. **Enter password**
Actual Results:  
After entering the password correctly 4 times, ssh rejects you with:

Permission denied(publickey,keyboard-interactive).

Expected Results:  
You should be logged into the system.

Granted, people who are likely to SSH into an install are probably more advanced and will be able to figure out what to do; still, it should be made clearer, since the install instructions in general are very detailed and don't leave anything out.
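
The failure mode in this report, as an added example that is not part of the original bug report or of Gentoo's release media: a shell check that resolves PermitRootLogin from an sshd_config file and uses it to classify the logged root failure. The function names are hypothetical, the sample files are constructed, and the fallback value assumes the OpenSSH 7.0+ built-in default of prohibit-password.

```shell
#!/bin/sh
# Added example (not from the bug report): explain a root "Authentication
# failure" in the sshd log by checking what PermitRootLogin resolves to.

# Print the PermitRootLogin value a config file yields. sshd_config rules used:
# keywords are case-insensitive, '#' starts a comment, first value wins.
# Simplifications: "Keyword=value" syntax and Include files are not handled,
# and parsing stops at the first Match block.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        # Assumption: OpenSSH 7.0+ built-in default when the keyword is unset.
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Exit status 0 only when root may authenticate with a password.
root_password_login_allowed() {
    [ "$(effective_permit_root_login "$1")" = "yes" ]
}

# diagnose CONFIG LOG: classify root login failures recorded in LOG.
diagnose() {
    if ! grep -q 'PAM: Authentication failure for root from' "$2"; then
        echo "no-root-failures"
    elif root_password_login_allowed "$1"; then
        echo "check-password"      # config allows it, so suspect the password
    else
        echo "blocked-by-config"   # any password fails, as in this report
    fi
}

# Constructed sample input: a config with the keyword commented out, and the
# sshd error line quoted in the report.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin yes' 'UsePAM yes' > "$dir/sshd_config"
    printf '%s\n' 'Feb  3 23:47:38 livecd sshd[13535]: error: PAM: Authentication failure for root from 127.0.0.1' > "$dir/messages"
    diagnose "$dir/sshd_config" "$dir/messages"
    rm -rf "$dir"
}

demo
```

On a running system, `sshd -T` prints the effective configuration, including Match and Include handling that this file-based check leaves out.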
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2016-02-21 15:36:10 UTC
*** Bug 575284 has been marked as a duplicate of this bug. ***
Comment 2 Pacho Ramos gentoo-dev 2016-02-26 21:06:17 UTC
*** Bug 574400 has been marked as a duplicate of this bug. ***
Comment 3 Ben Kohler gentoo-dev 2016-03-14 18:18:59 UTC
*** Bug 577408 has been marked as a duplicate of this bug. ***
Comment 4 1clue 2016-03-22 17:44:16 UTC
While this is minor if you're experienced with remote installs on Linux, it's an unnecessary step on an installer CD in my opinion.

I would rather see the installer media have PermitRootLogin yes, but MOTD would probably be easier as it wouldn't require a patch on upstream solely for the installer image.
Comment 5 steffen.bruederle 2016-05-21 13:49:10 UTC
This should really be fixed soon.
Personally, I'm very much in favor of adding "PermitRootLogin yes" to sshd_config of the installation media instead of just adding a hint to /etc/motd.
That way, it's enough to add "dosshd passwd=<somepassword>" to the boot line when booting from the installation media, after which the system can directly be installed via SSH without any further console interaction.
Comment 6 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2016-07-29 22:39:46 UTC
This has been addressed in bug 585232.