Welcome to the Linux Foundation Forum!

Lab 5.3

I can´t do the last step, the system still asking for password and the password is not correct.

Edit the file /etc/ssh/sshd_config and make sure this line is present:
PermitRootLogin without-password
Restart the sshd daemon.

systemctl restart sshd.service

NOTE: On Ubuntu, the ssh service is named ssh not sshd. Attempt to log in as root. It should fail.
$ ssh garply
Copythefile/home/student/.ssh/authorized_keystothedirectory/root/.ssh/ and make sure it is owned by the root user and group.

cat /home/student/.ssh/authorized_keys >> /root/.ssh/authorized_keys

chown root.root /root/.ssh/authorized_keys

chmod 640 /root/.ssh/authorized_keys

Log in to the host garply again, to prove your ssh-key login works.

$ ssh garply *****************************************************************+(FAIL)

Comments

  • lee42x
    lee42x Posts: 380

    This step is dependant on a previous step (5.1) to place the public key for student into the authorized_key file. Please confirm that student can ssh to localhost without needing a password.

  • Thanks for the quick answer.
    Yes, steps 5.1 and 5.2 are done without any problem, everything's running well.
    Once I changed "PermitRootLogin without-password" the last part of the exercise 5.3 doesn`t work.
    Below you can see my the content of /etc/ssh/sshd_config file

    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key

    PermitRootLogin without-password

    PubkeyAuthentication yes

    AuthorizedKeysFile /.ssh/authorized_keys

    PasswordAuthentication yes

    ChallengeResponseAuthentication no

    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no

    UsePAM yes

    X11Forwarding yes

    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    Subsystem sftp /usr/libexec/openssh/sftp-server

  • I've tried this exersice in diferent systems and still can't finish it

  • After changing to this :"PermitRootLogin yes" the system allows me to access but still asking me the root password and should't be, isn't it?

  • lee42x
    lee42x Posts: 380

    Yes, using a authorized_keys instead of a password is one of the goals in this exercise. The sequence is: student creates a key, copy student's public key to root's authorized_keys file and test the login works without a password then force root login to only use the authorized_keys. If you are getting prompted for a password, ssh cannot find the key. Our lab has an extra step that copies student's public key in to his own authorized_keys file so the command "ssh student@localhost" works without a password.
    1/ please check that student can log in to localhost without a password.
    2/ confirm the authorized_keys file in /home/student/.ssh/ and /root/.ssh/ are the same.
    Lee

  • I created new user on the system and it worked. Some mistake adding ssh key to a ssh agent with the previous user. I removed all files in $HOME/.ssh/ and tried again and finally worked!!! Thanks for the indications

Categories

Upcoming Training