There are some situations where root login must be enabled (permitted) over ssh. Sometimes it is a tricky task ))
First of all I enabled the
PermitRootLogin yes
in /etc/ssh/sshd_config.
Then I got an error
Received disconnect from server_ip port xx:2: Too many authentication failures
To overcome this, I've commented out the line
#MaxAuthTries 3
It equals 6 by default.
But it wasn't the last step. The ssh daemon continue to ask the root password after entering it after the first attempt. To see what happened I ran ssh daemon in the console :
# svcadm disable ssh
# /usr/lib/ssh/sshd -D -d -f /etc/ssh/sshd_config
Around a lot of debug messages I saw the message
PAM: User account has expired for root from client_ip
It was strange. The root account looked fine, not expired etc. The rambling over the server led me to /etc/user_attr file where root was presented like :
root::::type=role
According to man pages :
type
Can be assigned one of these strings: normal, indicating that
this account is for a normal user, one who logs in; or role,
indicating that this account is for a role. Roles can only be
assumed by a normal user after the user has logged in.
So I decided to change the type to normal:
# rolemod -K type=normal root
It was enough )). The root ssh login started to work after that.
Good Luck !
No comments:
Post a Comment