rockstor / rockstor-core

Linux/BTRFS based Network Attached Storage(NAS)
http://rockstor.com/docs/contribute_section.html
GNU General Public License v3.0

No default SSH access in Tumbleweed #2767

Open FroggyFlox opened 11 months ago

FroggyFlox commented 11 months ago

Thanks to @RlndVt for initially reporting this issue, with original report below:

I just did a VM install of tumbleweed and I can't connect through SSH.

(...) In that case the 'problem' is a discrepancy between PermitRootLogin yes on a Leap install (not a fan long term, but important initially to get the keys transferred,) and PermitRootLogin prohibit-password on Tumbleweed.

Originally posted by @RlndVt in https://github.com/rockstor/rockstor-core/issues/2277#issuecomment-1852836002

Reproducer see https://github.com/rockstor/rockstor-core/issues/2277#issuecomment-1854790287

  1. Install latest Rockstor TW ISO (4.5.8-0)
  2. Distribution update: zypper dup --download-in-advance
  3. Reboot
  4. Go to Rockstor webUI, activate Testing channel, and update to Rockstor 5.0.5-0
  5. Reboot
  6. Try to ssh from client --> refused

/etc/ssh/sshd_config.d/rockstor-sftp.conf is present and includes:

Subsystem    sftp    internal-sftp
AllowUsers root

It seems that AllowUsers root no longer takes precedence over PermitRootLogin yes as was observed in https://github.com/rockstor/rockstor-core/issues/2501 / https://github.com/rockstor/rockstor-core/pull/2555. Adding PermitRootLogin yes to /etc/ssh/sshd_config.d/rockstor-sftp.conf and restarting the sshd service restores ssh access for root. Note that as indicated by @RlndVt, the OS default in /usr/etc/ssh/sshd_config is now PermitRootLogin prohibit-password. I'm not sure if that changed since https://github.com/rockstor/rockstor-core/pull/2555 / https://github.com/rockstor/rockstor-core/issues/2501, though, so this would need to be better identified so that we are sure to properly resolve the issue.

RlndVt commented 11 months ago

Is this now a duplicate of #2765 ?

FroggyFlox commented 11 months ago

No. Please see my comment there (https://github.com/rockstor/rockstor-core/issues/2765#issuecomment-1858537267)... looks like it took me longer to finish writing that one than I thought... sorry for the confusion there.

FroggyFlox commented 11 months ago

Linking to a previous issue by @flukejones reporting the same behavior; interestingly, that was later changed upstream so it seems it has changed again since: #2005.

A PR fixing the current issue should also automatically close #2005.

phillxnet commented 9 months ago

@FroggyFlox Re:

Adding PermitRootLogin yes to /etc/ssh/sshd_config.d/rockstor-sftp.conf and restarting the sshd service restores ssh access for root.

I can confirm that on a freshly built installer (today), profile "Tumbleweed.x86_64", the following equivalent configuration change restores our intended root ssh login behaviour (by password):

echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/PermitRootLogin.conf
systemctl reload sshd

Which is the same additional file found by default in a current Tumbleweed ARM JeOS image as downloaded a few days ago:

https://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64.qcow2
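
Added example, not part of the thread and not Rockstor code: a check of what root SSH access a host actually offers, reading the effective configuration that `sshd -T` prints (run as root: `sshd -T | root_ssh_access`). The function name and the sample inputs are constructed for illustration; note that `sshd -T` reports `prohibit-password` under its older alias `without-password`.

```shell
#!/bin/sh
# Added example, not Rockstor code. Classifies root SSH access from
# `sshd -T` output on stdin. Prints: password | key-only | denied.
# Assumptions/simplifications: AllowUsers patterns are matched only as
# "root", "root@<host>" or "*"; Match blocks, DenyUsers, AllowGroups and
# keyboard-interactive authentication are not evaluated.
root_ssh_access() {
    awk '
        { key = tolower($1) }
        key == "permitrootlogin"        { prl = tolower($2) }
        key == "passwordauthentication" { pw  = tolower($2) }
        key == "allowusers" {
            # Any AllowUsers line restricts logins to the listed users.
            restricted = 1
            for (i = 2; i <= NF; i++)
                if ($i == "root" || $i == "*" || $i ~ /^root@/) allowed = 1
        }
        END {
            # AllowUsers and PermitRootLogin are separate gates: both must pass.
            if (restricted && !allowed)      { print "denied"; exit }
            if (prl == "yes" && pw == "yes") { print "password"; exit }
            if (prl == "yes" || prl == "prohibit-password" ||
                prl == "without-password" || prl == "forced-commands-only") {
                print "key-only"; exit
            }
            print "denied"
        }'
}

# Constructed samples in `sshd -T` format (lowercase keywords).
# Drop-in with only "AllowUsers root" on top of a prohibit-password default:
SAMPLE_DROPIN_ONLY='permitrootlogin without-password
passwordauthentication yes
allowusers root'

# Same host after adding "PermitRootLogin yes" in a drop-in and reloading:
SAMPLE_WITH_OVERRIDE='permitrootlogin yes
passwordauthentication yes
allowusers root'

printf 'drop-in only:  %s\n' "$(printf '%s\n' "$SAMPLE_DROPIN_ONLY" | root_ssh_access)"
printf 'with override: %s\n' "$(printf '%s\n' "$SAMPLE_WITH_OVERRIDE" | root_ssh_access)"
```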

phillxnet commented 6 months ago

I've just updated the title on this issue as during pre-release testing of proposed new installers, the 15.6 (RC status upstream still) exhibits the same behaviour. With the same procedure to enable, detailed above, working similarly. I.e. Leap 15.6 similarly requires the explicit PermitRootLogin yes configuration with follow-up sshd reload.

phillxnet commented 4 days ago

N.B. for the most recent build of our 15.6 installer profile Leap15.6.x86_64 the resulting install now has working root user SSH password auth. This is as a result of upstream changes; for 15.6 we are in line with upstream.

Also note that our recent (pending release) Tumbleweed.x86_64 profile installers, via upstream defaults, do not allow password auth root user SSH - so again we are in-line with upstream defaults as we do not override this.