Trying to ssh root, why get permssion denied in 16.04?

Question

I'm trying to set up passwordless ssh between root accounts in 16.04 (needed for Hadoop installs). I set up a password for root by sudo su - root and passwd.

When I try e.g.

ssh -l root slave3 or ssh-copy-id -i $HOME/.ssh/id_rsa_root.pub root@master

I get

Permission denied, please try again.

I have tried all the advice I can find i.e. making the following edits (one at a time) to /etc/ssh/sshd_config:

PermitRootLogin without-password 
PermitRootLogin yes 
RSAAuthentication yes
PubkeyAuthentication yes
#StrictModes yes
UsePAM no
AllowUsers root hduser

Followed by sudo service ssh reload after each, but still I get permission denied. Any help is much appreciated.

Do you run ufw or any other firewall on any of the machines? Then make sure port 22 is open for in and out communication. — Videonauth, Jun 25 '16 at 11:14
I don't think so, how do I check 22 is open, I'm pretty new to this stuff. — user1773592, Jun 25 '16 at 13:46

score 4 · Accepted Answer · answered Jun 25 '16 at 12:56

4

In Ubuntu, the default SSH policy is "Deny root login via SSH directly, except by SSH Key Authentication only." This is done by the PermitRootLogin without-password line of /etc/ssh/sshd_config.

You can enable root password login over SSH by changing that line to say PermitRootLogin yes. However I must caution you - this permits brute forcing attempts over the Internet of the root password which puts your server at risk - you may wish to consider blocking all SSH traffic except from known "good IP sources" of which you trust the source IPs in order to reduce the chance of being brute-forced on the root login. Where this is not possible, you should strongly consider setting up SSH key authentication for the root account instead of password authentication.

answered Jun 25 '16 at 12:56

Thomas Ward

74,764

1

Thanks but I tried both those things and still get permission denied. – user1773592 Jun 25 '16 at 13:44
Did you comment out the without-password line or leave it in uncommented? (looking back at the edits you said you did) – Thomas Ward Jun 25 '16 at 14:22
Ah that was the problem, I commented out the without-password line and it let me login. Still not sure how I set up password less root though! Thanks for your help, much appreciated!! – user1773592 Jul 01 '16 at 10:03
@user1773592 Use the ssh-copy-id command again. Alternatively, copy your public key by hand into /root/.ssh/authorized_keys on the server and then try and logon again. If the ssh works without password prompt then you are good to uncomment the without-password line and comment out the yes line and all should then work. – Thomas Ward Jul 01 '16 at 11:04
With 'yes' ssh-copy-id worked fine but the logon asks for a password and then logs in OK. With 'without-password' (or with neither) I get permission denied. – user1773592 Jul 01 '16 at 11:20

Trying to ssh root, why get permssion denied in 16.04?

1 Answers1

Linked

Related