Solved

Xubuntu 14.04, OpenSSH Server works once then stops

Posted on 2014-09-03
9
725 Views
Last Modified: 2014-09-05
Fresh Xubuntu install in an ESXi 5.5 vm, first thing after reboot was installing OpenSSH-server, which happened without incident. Ran sudo service ssh status, which was running.
Opened Putty on Win8 client, successfully logged into the Xubuntu server as adminuser.  Closed out ssh, editing sshd_config:

PermitRootLogin without-password yes

Then I stopped, started ssh and now Putty will not connect with: Connection refused.

ps ax | grep ssh:

1525 ? Ss 0:00 ssh-agent -s
2189 pts/8 0:00 grep --color=auto ssh

I had a small issue earlier where 'sudo service ssh stop/start/restart' returned an unknown service.  I fixed it by running initctl reload-configuration.

Now I can start, stop or restart ssh perfectly.. but and maybe things changes since 12.xx but I thought the ssh server deamon was sshd... shouldn't i need to make sure sshd is running somewhere?

ps ax | grep sshd:

2192 pts/8 S+ 0:00 grep --color=auto sshd

thats it..


OH almost forgot.. UFW is 'inactive'
Help?
0
Comment
Question by:Ben Hart
  • 5
  • 2
  • 2
9 Comments
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40302954
Did you undo that change and retry?
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40303256
HA!.. wow neglected and I posted this yesterday evening!


No I didnt try that.. I want root to be able to ssh into this box though.
0
 
LVL 37

Assisted Solution

by:Gerwin Jansen
Gerwin Jansen earned 250 total points
ID: 40303478
Can you just try it?

I don't allow root to login, I logon as a user and then su - safer.
0
 
LVL 27

Accepted Solution

by:
serialband earned 250 total points
ID: 40305071
Neglected seems to mean that some people will get more points as an incentive to get more attention to solve the problem for you.

It seems that you may have broken your sshd configuration file.
You should have either
  PermitRootLogin without-password
or
  PermitRootLogin yes

It's not supposed to be both.  That's where your sshd broke.

In the future, you don't log out when you make sshd_config changes.  You stay logged in and restart sshd, then connect with another session to check it.  You existing session will remain connected and new sessions will connect with the new config.  If something breaks, you revert the change and restart again.

If you do permit root to log in, you should probably use keys and not passwords.

Redhat variants tend to allow users to use root and ask for a root password during install.  Ubuntu variants create a sudo user.  I've actually prefer that now and change my redhat to have an admin user to sudo.  Hopefully, you didn't break the ubuntu security model by actually setting a root password.  Ubuntu variants target desktop end users and that's a welcome security model for that crowd.  Redhat still targets the old school admin crowd's back end servers, so they still have root passwords.  I rather keep better track of the admins and force them to log in with their user accounts first.

You actually don't need to set a password for root to log in as root if you use ssh keys.  Deny passwords to root and root has no password to crack.  This prevents unwanted root access and remote brute force hacks.  I also don't set my ssh port to 22 on back end servers, and that prevents numerous brute force attempts from around the world.  General login servers still need to use port 22, or users may get confused.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 
LVL 14

Author Comment

by:Ben Hart
ID: 40305695
Thanks for the added explanation serial.

The verbage in my default sshd_conf file was indeed "PermitRootLogin without-password", I did NOT set it to that.  I assume that's some change between Xubuntu  13 and 14 and I am in the process of downloading 13.04 just to see.  But in the past I have never seen that syntax before so I can def go in and try changing it to just Yes or no and see what happens.

Also I know that you don;t need to logout and back in.. Im not sure where you got that I did that but this in Linux.. not Windows ;)

The specific Xubuntu instance is a VM on ESXi with the purpose of hosting an internal code repo.. I'm the server admin here so I'm creating the vm for the dev.  I've never ever had an issue like this with ssh, but this is the first time I went with something other than vanilla Ubuntu too so..

Also thanks for the Neglected comment.. I find EE's timing weird so I had always assumed Neglected meant that I had been the one neglecting my question after less than 24 hours.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305704
Oh wow.. ok I think I;ve got it now.  'without-password' is a new variable to PermitRootLogin... crap I did not 'see' that before but now I do.
And my SSH now works like it should! yay
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40305706
I'm giving you both points because ya'll took the time to reply to my topic.
0
 
LVL 27

Expert Comment

by:serialband
ID: 40306014
Then xubuntu has it set up differently, or it's changed recently because of the new variable.  Does your root account actually have a password or is blocked with exclamations (!) in the password field?  In Ubuntu, Mint, & OSX they're blocked.  You can use still keys to ssh to root, but no password.
0
 
LVL 14

Author Comment

by:Ben Hart
ID: 40306425
Nope.. my root account does have a passwd.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now