I am trying to virtualize an old Linux server, and the PtoV software requires a password login as root via ssh. However, the root login is being prevented with a "Permission Denied" error on the client end, and a "Failed Password for root" on the server end (when sshd is running in debug mode).
I HAVE set PermitRootLogin yes in /etc/ssh/sshd_config.
This is an old RedHat 7.3 server that has had hardening scripts like Bastille run on it years and years ago, and has many remnants of old OS's (like ipchains – no longer supported by the kernel) lying around. All to say I have little idea what has been altered from the original system, but there is a lot.
- I can log in fine as root from the console
- I can su to root fine from within the console or ssh session
- I can ssh fine as a regular user.
My question is: What else could be preventing my root login on this server?
More information:
/etc/pam.d/sshd
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
session optional pam_console.so
/etc/pam.d/system-auth
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
Can anybody tell me if the hashing algorithm could be the culprit? Keeping in mind that I can log in as an unprivileged user.
Best Answer
Turns out the /etc/init.d/sshd script had no $OPTIONS variable, which would be the reference to the config file. Therefore sshd was starting without any config file at all, and hence, defaulting to "PermitRootLogin no".
I resolved this by adding the following line near the start of /etc/init.d/sshd:
Hope this helps somebody else.
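
The answer traces the failure to how the init script starts sshd rather than to the config file, so both sides are worth checking. The script below is an added example, not code from the question or the answer: the function names, the sample file contents and the OPTIONS assignment in the second sample are constructed for illustration, and it assumes the init script passes $OPTIONS on the sshd command line.

```shell
#!/bin/sh
# Added example. All file contents below are constructed samples.

# First value sshd would take for keyword $2 in config file $1: keywords
# are case-insensitive, the first occurrence wins, "#" lines never match.
sshd_first_value() {
    awk -v kw="$2" '
        tolower($1) == "match"     { exit }   # stop at conditional blocks
        tolower($1) == tolower(kw) { print $2; exit }' "$1"
}

# How init script $1 supplies options to sshd (assumed convention: the
# daemon is started with $OPTIONS on its command line):
#   unused    - $OPTIONS is never referenced
#   defined   - OPTIONS= is assigned in the script itself
#   sourced   - a sysconfig/sshd file is sourced and may assign it
#   undefined - referenced, but never assigned or sourced
init_options_state() {
    if ! grep -q '\$OPTIONS' "$1"; then echo unused
    elif grep -Eq '^[[:space:]]*OPTIONS=' "$1"; then echo defined
    elif grep -Eq '^[[:space:]]*(\.|source)[[:space:]]+[^[:space:]]*sysconfig/sshd' "$1"; then echo sourced
    else echo undefined
    fi
}

tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
cat > "$tmp/sshd.init" <<'EOF'
#!/bin/bash
. /etc/rc.d/init.d/functions
start() {
    daemon /usr/sbin/sshd $OPTIONS
}
EOF
# Hypothetical assignment for the second sample; the answer's own line is not shown.
{ echo 'OPTIONS="-f /etc/ssh/sshd_config"'; cat "$tmp/sshd.init"; } > "$tmp/sshd.init.fixed"

echo "config file PermitRootLogin: $(sshd_first_value "$tmp/sshd_config" PermitRootLogin)"
echo "sample init script:          $(init_options_state "$tmp/sshd.init")"
echo "sample with assignment:      $(init_options_state "$tmp/sshd.init.fixed")"
```

On a real host, point the two functions at /etc/ssh/sshd_config and /etc/init.d/sshd; an "undefined" result means the file you edited and the options the daemon is started with should be compared before looking at PAM.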