• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 798
  • Last Modified:

Xubuntu 14.04, OpenSSH Server works once then stops

Fresh Xubuntu install in an ESXi 5.5 vm, first thing after reboot was installing OpenSSH-server, which happened without incident. Ran sudo service ssh status, which was running.
Opened Putty on Win8 client, successfully logged into the Xubuntu server as adminuser.  Closed out ssh, editing sshd_config:

PermitRootLogin without-password yes

Then I stopped, started ssh and now Putty will not connect with: Connection refused.

ps ax | grep ssh:

1525 ? Ss 0:00 ssh-agent -s
2189 pts/8 0:00 grep --color=auto ssh

I had a small issue earlier where 'sudo service ssh stop/start/restart' returned an unknown service.  I fixed it by running initctl reload-configuration.

Now I can start, stop or restart ssh perfectly.. but and maybe things changes since 12.xx but I thought the ssh server deamon was sshd... shouldn't i need to make sure sshd is running somewhere?

ps ax | grep sshd:

2192 pts/8 S+ 0:00 grep --color=auto sshd

thats it..


OH almost forgot.. UFW is 'inactive'
Help?
0
Ben Hart
Asked:
Ben Hart
  • 5
  • 2
  • 2
2 Solutions
 
Gerwin Jansen, EE MVETopic Advisor Commented:
Did you undo that change and retry?
0
 
Ben HartAuthor Commented:
HA!.. wow neglected and I posted this yesterday evening!


No I didnt try that.. I want root to be able to ssh into this box though.
0
 
Gerwin Jansen, EE MVETopic Advisor Commented:
Can you just try it?

I don't allow root to login, I logon as a user and then su - safer.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
serialbandCommented:
Neglected seems to mean that some people will get more points as an incentive to get more attention to solve the problem for you.

It seems that you may have broken your sshd configuration file.
You should have either
  PermitRootLogin without-password
or
  PermitRootLogin yes

It's not supposed to be both.  That's where your sshd broke.

In the future, you don't log out when you make sshd_config changes.  You stay logged in and restart sshd, then connect with another session to check it.  You existing session will remain connected and new sessions will connect with the new config.  If something breaks, you revert the change and restart again.

If you do permit root to log in, you should probably use keys and not passwords.

Redhat variants tend to allow users to use root and ask for a root password during install.  Ubuntu variants create a sudo user.  I've actually prefer that now and change my redhat to have an admin user to sudo.  Hopefully, you didn't break the ubuntu security model by actually setting a root password.  Ubuntu variants target desktop end users and that's a welcome security model for that crowd.  Redhat still targets the old school admin crowd's back end servers, so they still have root passwords.  I rather keep better track of the admins and force them to log in with their user accounts first.

You actually don't need to set a password for root to log in as root if you use ssh keys.  Deny passwords to root and root has no password to crack.  This prevents unwanted root access and remote brute force hacks.  I also don't set my ssh port to 22 on back end servers, and that prevents numerous brute force attempts from around the world.  General login servers still need to use port 22, or users may get confused.
0
 
Ben HartAuthor Commented:
Thanks for the added explanation serial.

The verbage in my default sshd_conf file was indeed "PermitRootLogin without-password", I did NOT set it to that.  I assume that's some change between Xubuntu  13 and 14 and I am in the process of downloading 13.04 just to see.  But in the past I have never seen that syntax before so I can def go in and try changing it to just Yes or no and see what happens.

Also I know that you don;t need to logout and back in.. Im not sure where you got that I did that but this in Linux.. not Windows ;)

The specific Xubuntu instance is a VM on ESXi with the purpose of hosting an internal code repo.. I'm the server admin here so I'm creating the vm for the dev.  I've never ever had an issue like this with ssh, but this is the first time I went with something other than vanilla Ubuntu too so..

Also thanks for the Neglected comment.. I find EE's timing weird so I had always assumed Neglected meant that I had been the one neglecting my question after less than 24 hours.
0
 
Ben HartAuthor Commented:
Oh wow.. ok I think I;ve got it now.  'without-password' is a new variable to PermitRootLogin... crap I did not 'see' that before but now I do.
And my SSH now works like it should! yay
0
 
Ben HartAuthor Commented:
I'm giving you both points because ya'll took the time to reply to my topic.
0
 
serialbandCommented:
Then xubuntu has it set up differently, or it's changed recently because of the new variable.  Does your root account actually have a password or is blocked with exclamations (!) in the password field?  In Ubuntu, Mint, & OSX they're blocked.  You can use still keys to ssh to root, but no password.
0
 
Ben HartAuthor Commented:
Nope.. my root account does have a passwd.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now