Hello all, reading this list for a while I now have a question: I am trying to use a Banana Pi M2 Zero with Opensuse Arm. I got the latest X11 image from repositories/home:/seife:/bananapi Booting to xdm login is no problem, Wifi works :-) As I am missing Micro USB cables/adapters for keyboard I tried to login via ssh from my local network. sshd_config says: root access is allowed and https://en.opensuse.org/HCL:BananaPi_M2_Zero says: root ps is "linux". This doesn't work, even changing pw entry to empty in /etc/shadow doesn't give me access. What I am missing? Apparmor? (I am not familiar with this) pc1:/mnt/etc/apparmor.d # grep -ir ssh * abstractions/private-files-strict: audit deny @{HOME}/.ssh/{,**} mrwkl, abstractions/ubuntu-browsers.d/user-files: audit deny @{HOME}/.ssh/{,**} mrwkl, abstractions/consoles: # -all- xterm, sshd, etc, terminals on the system. Joe
On Wed, 1 Mar 2023 14:05:00 +0100
DL3VL
sshd_config says: root access is allowed and
https://en.opensuse.org/HCL:BananaPi_M2_Zero
says: root ps is "linux".
This doesn't work, even changing pw entry to empty in /etc/shadow doesn't give me access.
What I am missing?
Apparmor? (I am not familiar with this)
Have you checked /etc/ssh/sshd_config for the PermitRootLogin setting? From the man page sshd_config(5): PermitRootLogin Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is yes. If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-in- teractive authentication are disabled for root. My bet is it is set to "prohibit-password". HTH, Torsten
Hello Torsten,
From the man page sshd_config(5):
PermitRootLogin Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is yes.
If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-in- teractive authentication are disabled for root.
My bet is it is set to "prohibit-password".
HTH, Torsten
yes, I checked this before: cat /mnt/etc/ssh/sshd_config.d/PermitRootLogin.conf # Allow root login on ssh PermitRootLogin yes and output of ssh -vvv is: ... debug1: Next authentication method: password root@10.10.1.210's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. snippet from etc/shadow: root::19415:::::: Joe
On Mär 01 2023, DL3VL wrote:
snippet from etc/shadow:
root::19415::::::
sshd by default does not allow empty passwords (PermitEmptyPasswords). -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different."
Hello Andreas, Am 01.03.23 um 16:54 schrieb Andreas Schwab:
On Mär 01 2023, DL3VL wrote:
snippet from etc/shadow:
root::19415::::::
sshd by default does not allow empty passwords (PermitEmptyPasswords).
Didn't know this. The system came without sshd_config so I created one with PermitEmptyPasswords yes 2nd try: copied the sshd_config from my running leap15.4 system. Both didn't work :-( Joe
participants (3)
-
Andreas Schwab
-
DL3VL
-
Torsten Duwe