
Xubuntu 14.04, OpenSSH Server works once then stops

Posted on 2014-09-03
Last Modified: 2014-09-05
Fresh Xubuntu install in an ESXi 5.5 vm, first thing after reboot was installing OpenSSH-server, which happened without incident. Ran sudo service ssh status, which was running.
Opened Putty on Win8 client, successfully logged into the Xubuntu server as adminuser.  Closed out ssh, editing sshd_config:

PermitRootLogin without-password yes

Then I stopped, started ssh and now Putty will not connect with: Connection refused.

ps ax | grep ssh:

1525 ? Ss 0:00 ssh-agent -s
2189 pts/8 0:00 grep --color=auto ssh

I had a small issue earlier where 'sudo service ssh stop/start/restart' returned an unknown service.  I fixed it by running initctl reload-configuration.

Now I can start, stop or restart ssh perfectly.. but, and maybe things changed since 12.xx, I thought the ssh server daemon was sshd... shouldn't I need to make sure sshd is running somewhere?

ps ax | grep sshd:

2192 pts/8 S+ 0:00 grep --color=auto sshd

That's it..


OH almost forgot.. UFW is 'inactive'
Help?
0
Question by:Ben Hart
9 Comments
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40302954
Did you undo that change and retry?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40303256
HA!.. wow neglected and I posted this yesterday evening!


No I didn't try that.. I want root to be able to ssh into this box though.
0
 
LVL 38

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 1000 total points
ID: 40303478
Can you just try it?

I don't allow root to login, I logon as a user and then su - safer.
0
 
LVL 30

Accepted Solution

by:
serialband earned 1000 total points
ID: 40305071
Neglected seems to mean that some people will get more points as an incentive to get more attention to solve the problem for you.

It seems that you may have broken your sshd configuration file.
You should have either
  PermitRootLogin without-password
or
  PermitRootLogin yes

It's not supposed to be both.  That's where your sshd broke.

In the future, you don't log out when you make sshd_config changes.  You stay logged in and restart sshd, then connect with another session to check it.  Your existing session will remain connected and new sessions will connect with the new config.  If something breaks, you revert the change and restart again.

If you do permit root to log in, you should probably use keys and not passwords.

Redhat variants tend to allow users to use root and ask for a root password during install.  Ubuntu variants create a sudo user.  I actually prefer that now and change my redhat to have an admin user to sudo.  Hopefully, you didn't break the ubuntu security model by actually setting a root password.  Ubuntu variants target desktop end users and that's a welcome security model for that crowd.  Redhat still targets the old school admin crowd's back end servers, so they still have root passwords.  I'd rather keep better track of the admins and force them to log in with their user accounts first.

You actually don't need to set a password for root to log in as root if you use ssh keys.  Deny passwords to root and root has no password to crack.  This prevents unwanted root access and remote brute force hacks.  I also don't set my ssh port to 22 on back end servers, and that prevents numerous brute force attempts from around the world.  General login servers still need to use port 22, or users may get confused.
0
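
A check for the exact mistake diagnosed in the accepted answer, as an added example that is not part of the thread or of OpenSSH: the hypothetical `lint_permit_root_login` function flags a `PermitRootLogin` line with more than one value or an unknown value. The sample files are constructed, and only the whitespace-separated `Keyword value` form is handled.

```shell
#!/bin/sh
# Added example: lint PermitRootLogin in an sshd_config before restarting sshd.
# Returns 0 if every PermitRootLogin line is well-formed, 1 otherwise.
lint_permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        tolower($1) == "permitrootlogin" {      # keywords are case-insensitive
            val = tolower($2)
            if (NF != 2) {
                printf "line %d: expected one value, found %d: %s\n", NR, NF - 1, $0
                bad = 1
            } else if (val !~ /^(yes|no|without-password|prohibit-password|forced-commands-only)$/) {
                printf "line %d: unknown value: %s\n", NR, $2
                bad = 1
            } else if (val == "yes") {
                printf "line %d: warning: root may log in with a password\n", NR
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample files (not taken from the server in the thread).
tmp=$(mktemp -d)
printf 'Port 22\nPermitRootLogin without-password yes\n' > "$tmp/broken"
printf 'Port 22\n#PermitRootLogin yes\nPermitRootLogin without-password\n' > "$tmp/fixed"

for f in broken fixed; do
    if lint_permit_root_login "$tmp/$f"; then
        echo "$f: ok to restart sshd"
    else
        echo "$f: fix the file before restarting sshd"
    fi
done
```

On a real host, `sshd -t` (test mode) checks the complete configuration file, and running it before the restart catches this kind of error while the old daemon is still up.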
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305695
Thanks for the added explanation serial.

The verbiage in my default sshd_conf file was indeed "PermitRootLogin without-password", I did NOT set it to that.  I assume that's some change between Xubuntu 13 and 14 and I am in the process of downloading 13.04 just to see.  But in the past I have never seen that syntax before so I can def go in and try changing it to just Yes or no and see what happens.

Also I know that you don't need to logout and back in.. I'm not sure where you got that I did that but this is Linux.. not Windows ;)

The specific Xubuntu instance is a VM on ESXi with the purpose of hosting an internal code repo.. I'm the server admin here so I'm creating the vm for the dev.  I've never ever had an issue like this with ssh, but this is the first time I went with something other than vanilla Ubuntu too so..

Also thanks for the Neglected comment.. I find EE's timing weird so I had always assumed Neglected meant that I had been the one neglecting my question after less than 24 hours.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305704
Oh wow.. ok I think I've got it now.  'without-password' is a new variable to PermitRootLogin... crap I did not 'see' that before but now I do.
And my SSH now works like it should! yay
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305706
I'm giving you both points because y'all took the time to reply to my topic.
0
 
LVL 30

Expert Comment

by:serialband
ID: 40306014
Then Xubuntu has it set up differently, or it's changed recently because of the new variable.  Does your root account actually have a password or is blocked with exclamations (!) in the password field?  In Ubuntu, Mint, & OSX they're blocked.  You can still use keys to ssh to root, but no password.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40306425
Nope.. my root account does have a passwd.
0

Question has a verified solution.
