Re: ssh: Permission denied

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Simon Wu wrote:
Hello,

I tried ssh between two Fedora 3 PCs. It only works one way, the other
way, I got the following error:

root@pcary21j's password:
Permission denied, please try again.
root@pcary21j's password:
Permission denied, please try again.
root@pcary21j's password:
Permission denied (publickey,gssapi-with-mic,password).
[root@pcary631 ~]# cd /etc/udev

I'd appreciate if any one can help.

Thanks,

Simon


It is common, and appropriate to turn off root access to ssh. This is done in the /etc/ssh/sshd_config file.

All comments in this file are the default values, and several should be changed:

#Protocol 2,1
should read:
Protocol 2

#PermitRootLogin yes
should read
PermitRootLogin no

and this is probably your case on one system.

Also, it is common and appropriate to ADD a line to this file like:

AllowUsers fred wilma barney betty

This will prevent any mischief on user ids that get installed from broken rpms, or other software installs, that may leave system accounts open to attacks.

sudo is your friend.

Learn to NEVER remote login as root.

For all the UNIX/Linux administrators that I have worked with over the years since ssh became available (yes, there was a time before that!), the preferred practice is:

1. generate keys on your desktop -- Don't use passcodes if you want easy logins. Consult your corporate security guru if you have one.
   ssh-keygen -t rsa
   ssh-keygen -t dsa
   cd ~/.ssh
   cp id_rsa.pub authorized_keys
   cat id_dsa.pub >> authorized_keys

2.   Copy those keys to all systems that you manage.
   cd ~
   scp -rp .tcshrc .login .ssh target_host:
(or whatever shell startups you might like, ie: .profile, .bashrc, etc.)
   enter your password for the remote system when asked for

From now on you can ssh to and scp to target_host without entering a passwd.

When the need arises to to manage target_host:
   ssh target_host
   sudo vi /etc/ssh/sshd_conf (for example)

This will leave a trace in the log files, and will be reported on that day's Logwatch. A very good thing when you have unexpected problems and notice a typo in the command on Logwatch reports. :)

It is a very rare occasion that requires root login to a remote system.

Good luck!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux