Welcome to the Linux Foundation Forum!

Lab 5.3

I can´t do the last step, the system still asking for password and the password is not correct.

Edit the file /etc/ssh/sshd_config and make sure this line is present:
PermitRootLogin without-password
Restart the sshd daemon.

systemctl restart sshd.service

NOTE: On Ubuntu, the ssh service is named ssh not sshd. Attempt to log in as root. It should fail.
$ ssh garply
Copythefile/home/student/.ssh/authorized_keystothedirectory/root/.ssh/ and make sure it is owned by the root user and group.

cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys

chown root.root /root/.ssh/authorized_keys

chmod 640 /root/.ssh/authorized_keys

Log in to the host garply again, to prove your ssh-key login works.

$ ssh garply *****************************************************************+(FAIL)

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Comments

  • Posts: 380

    This step is dependant on a previous step (5.1) to place the public key for student into the authorized_key file. Please confirm that student can ssh to localhost without needing a password.

  • Thanks for the quick answer.
    Yes, steps 5.1 and 5.2 are done without any problem, everything's running well.
    Once I changed "PermitRootLogin without-password" the last part of the exercise 5.3 doesn`t work.
    Below you can see my the content of /etc/ssh/sshd_config file

    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key

    PermitRootLogin without-password

    PubkeyAuthentication yes

    AuthorizedKeysFile /.ssh/authorized_keys

    PasswordAuthentication yes

    ChallengeResponseAuthentication no

    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no

    UsePAM yes

    X11Forwarding yes

    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    Subsystem sftp /usr/libexec/openssh/sftp-server

  • I've tried this exersice in diferent systems and still can't finish it

  • After changing to this :"PermitRootLogin yes" the system allows me to access but still asking me the root password and should't be, isn't it?

  • Posts: 380

    Yes, using a authorized_keys instead of a password is one of the goals in this exercise. The sequence is: student creates a key, copy student's public key to root's authorized_keys file and test the login works without a password then force root login to only use the authorized_keys. If you are getting prompted for a password, ssh cannot find the key. Our lab has an extra step that copies student's public key in to his own authorized_keys file so the command "ssh student@localhost" works without a password.
    1/ please check that student can log in to localhost without a password.
    2/ confirm the authorized_keys file in /home/student/.ssh/ and /root/.ssh/ are the same.
    Lee

  • I created new user on the system and it worked. Some mistake adding ssh key to a ssh agent with the previous user. I removed all files in $HOME/.ssh/ and tried again and finally worked!!! Thanks for the indications

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training