[Gllug] Debian SSH not letting root login anymore?
Alain Williams
addw at phcomp.co.uk
Wed Nov 9 16:00:52 UTC 2005
On Wed, Nov 09, 2005 at 03:48:35PM +0000, Rich Walker wrote:
>
> Hi,
>
> I recently upgraded one of our machines, and now can't do
>
> ssh -X root at thoth
>
> to it any more.
Quite right too.
ssh as yourself and then 'su'.
Why? If you type 'who' and just see a set of root logins, do you know who is really
using the machine ? Also: by making someone login & then go su, you ensure that
2 passwords are needed to crack the system -- makes things a tiny bit more secure.
> Login as a normal user still works.
>
> /var/log/auth.log suggests pam is causing problems:
>
> Nov 9 15:42:31 thoth sshd[8093]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gateway.shadow.local user=root
> Nov 9 15:42:35 thoth sshd[8093]: Accepted keyboard-interactive/pam for root from 10.1.1.17 port 43186 ssh2
> Nov 9 15:42:35 thoth sshd[8093]: fatal: PAM: pam_setcred(): Permission denied
>
> Any ideas where I should be looking?
>
> cheers, Rich.
>
> --
> rich walker | Shadow Robot Company | rw at shadow.org.uk
> technical director 251 Liverpool Road |
> need a Hand? London N1 1LX | +UK 20 7700 2487
> www.shadow.org.uk/products/newhand.shtml
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
--
Alain Williams
Parliament Hill Computers Ltd.
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
#include <std_disclaimer.h>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20051109/44ecb3eb/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list