Solved

Xubuntu 14.04, OpenSSH Server works once then stops

Posted on 2014-09-03
9
759 Views
Last Modified: 2014-09-05
Fresh Xubuntu install in an ESXi 5.5 vm, first thing after reboot was installing OpenSSH-server, which happened without incident. Ran sudo service ssh status, which was running.
Opened Putty on Win8 client, successfully logged into the Xubuntu server as adminuser.  Closed out ssh, editing sshd_config:

PermitRootLogin without-password yes

Then I stopped, started ssh and now Putty will not connect with: Connection refused.

ps ax | grep ssh:

1525 ? Ss 0:00 ssh-agent -s
2189 pts/8 0:00 grep --color=auto ssh

I had a small issue earlier where 'sudo service ssh stop/start/restart' returned an unknown service.  I fixed it by running initctl reload-configuration.

Now I can start, stop or restart ssh perfectly.. but and maybe things changes since 12.xx but I thought the ssh server deamon was sshd... shouldn't i need to make sure sshd is running somewhere?

ps ax | grep sshd:

2192 pts/8 S+ 0:00 grep --color=auto sshd

thats it..


OH almost forgot.. UFW is 'inactive'
Help?
0
Comment
Question by:Ben Hart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
9 Comments
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40302954
Did you undo that change and retry?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40303256
HA!.. wow neglected and I posted this yesterday evening!


No I didnt try that.. I want root to be able to ssh into this box though.
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 250 total points
ID: 40303478
Can you just try it?

I don't allow root to login, I logon as a user and then su - safer.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Accepted Solution

by:
serialband earned 250 total points
ID: 40305071
Neglected seems to mean that some people will get more points as an incentive to get more attention to solve the problem for you.

It seems that you may have broken your sshd configuration file.
You should have either
  PermitRootLogin without-password
or
  PermitRootLogin yes

It's not supposed to be both.  That's where your sshd broke.

In the future, you don't log out when you make sshd_config changes.  You stay logged in and restart sshd, then connect with another session to check it.  You existing session will remain connected and new sessions will connect with the new config.  If something breaks, you revert the change and restart again.

If you do permit root to log in, you should probably use keys and not passwords.

Redhat variants tend to allow users to use root and ask for a root password during install.  Ubuntu variants create a sudo user.  I've actually prefer that now and change my redhat to have an admin user to sudo.  Hopefully, you didn't break the ubuntu security model by actually setting a root password.  Ubuntu variants target desktop end users and that's a welcome security model for that crowd.  Redhat still targets the old school admin crowd's back end servers, so they still have root passwords.  I rather keep better track of the admins and force them to log in with their user accounts first.

You actually don't need to set a password for root to log in as root if you use ssh keys.  Deny passwords to root and root has no password to crack.  This prevents unwanted root access and remote brute force hacks.  I also don't set my ssh port to 22 on back end servers, and that prevents numerous brute force attempts from around the world.  General login servers still need to use port 22, or users may get confused.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305695
Thanks for the added explanation serial.

The verbage in my default sshd_conf file was indeed "PermitRootLogin without-password", I did NOT set it to that.  I assume that's some change between Xubuntu  13 and 14 and I am in the process of downloading 13.04 just to see.  But in the past I have never seen that syntax before so I can def go in and try changing it to just Yes or no and see what happens.

Also I know that you don;t need to logout and back in.. Im not sure where you got that I did that but this in Linux.. not Windows ;)

The specific Xubuntu instance is a VM on ESXi with the purpose of hosting an internal code repo.. I'm the server admin here so I'm creating the vm for the dev.  I've never ever had an issue like this with ssh, but this is the first time I went with something other than vanilla Ubuntu too so..

Also thanks for the Neglected comment.. I find EE's timing weird so I had always assumed Neglected meant that I had been the one neglecting my question after less than 24 hours.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305704
Oh wow.. ok I think I;ve got it now.  'without-password' is a new variable to PermitRootLogin... crap I did not 'see' that before but now I do.
And my SSH now works like it should! yay
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305706
I'm giving you both points because ya'll took the time to reply to my topic.
0
 
LVL 29

Expert Comment

by:serialband
ID: 40306014
Then xubuntu has it set up differently, or it's changed recently because of the new variable.  Does your root account actually have a password or is blocked with exclamations (!) in the password field?  In Ubuntu, Mint, & OSX they're blocked.  You can use still keys to ssh to root, but no password.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40306425
Nope.. my root account does have a passwd.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Samba Question 11 138
The better OS Architecture 13 108
Ubuntu don’t allow SU command in terminal 7 123
Logrotate Every Saturday 5 44
Network Interface Card (NIC) bonding, also known as link aggregation, NIC teaming and trunking, is an important concept to understand and implement in any environment where high availability is of concern. Using this feature, a server administrator …
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question