On 26/03/2021 11.31, David T-G wrote:
Dave, et al --
...and then Dave Howorth said...
%
% On Thu, 25 Mar 2021 22:06:00 -0400
% David T-G <davidtg-robot@justpickone.org> wrote:
%
% > Makes sense to me, but sudo or even su (ew!) will still work.
%
% Well if root login is disabled and if normal login fails, how do you
% get a session to use the su command?
Again, I have never in my recollection come across such a problem, and I would honestly and really be very interested in seeing a reproducible example of such a configuration problem that "|| true" would fix.
Not being able to ssh to a machine due to changes in configuration is quite a normal incident. It typically happens when you add an entry via sharing public keys, then disallow login via password. Next step, testing it. Oops! Something went wrong. If the machine is local, no problem. If it is remote, the seasoned admin will keep an ssh session open before doing the changes and not close it: he will try in a new session. Yes, it happened to me, locally.

The other common incident is when there is some change to the allowed protocols accepted by both client and server after an update, and ssh login stops working because they don't agree on one. Yes, this happened to me with an old machine. I use plain telnet instead.

You can find these problems by searching in the historic mail archive, years back. Thousands of posts, so not easy to locate.

Another issue: for some reason, on all my new *suse machines, when trying to ssh in, this would happen:

    Received disconnect from 192.168.1.129: 2: Too many authentication failures for cer

... on the server log. Impossible to remote login. Cause? Unknown. Cure? This change on the server "/etc/ssh/sshd_config" file:

    #MaxAuthTries 6
    MaxAuthTries 12

I know that it is in fact a problem with this client machine, so if I tested with another machine it would work and I would not be aware of the problem. Suppose now the new machine is deployed remotely, have to login from this machine... stuck.

It started happening many years ago. Today I tried, and it no longer happens. Some change to the protocols accepted, I suppose.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.2 x86_64 at Telcontar)
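A pre-change check to go with the "keep a session open and try in a new one" habit described above, as an added example that is not part of the original message: it reads a candidate sshd_config the way sshd does for global settings (the first value read for a keyword is used) and flags the case where password login is disabled but no public key is installed. The function names, file paths and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Names and paths are hypothetical.

# Print the effective global value of keyword $2 in config file $1, or the
# default $3 if it is not set. The first value read wins; parsing stops at the
# first Match block (simplification: Match overrides are not evaluated).
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                         # skip comment lines
        tolower($1) == "match" { exit }             # global section only
        tolower($1) == tolower(key) { val = $2; exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Return 0 if key-based login remains possible with config $1 and
# authorized_keys file $2, or 1 if the change risks locking everyone out.
lockout_check() {
    conf=$1 keys=$2
    pw=$(sshd_effective "$conf" PasswordAuthentication yes)
    pk=$(sshd_effective "$conf" PubkeyAuthentication yes)
    # "usable key" here means any non-blank, non-comment line in the file
    if [ "$pw" = no ] && { [ "$pk" = no ] ||
         ! grep -Eqsv '^[[:space:]]*(#|$)' "$keys"; }; then
        echo "RISK: passwords disabled and no usable public key in $keys" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the MaxAuthTries edit from the message plus key-only login.
sample_conf() {
    cat <<'EOF'
#MaxAuthTries 6
MaxAuthTries 12
PasswordAuthentication no
EOF
}

# Typical use on the server, from a session that stays open (placeholders):
#   lockout_check /etc/ssh/sshd_config.new "$HOME/.ssh/authorized_keys" &&
#       sshd -t -f /etc/ssh/sshd_config.new      # syntax test before installing
# After reloading sshd, verify from a NEW terminal, old session still open:
#   ssh -o PreferredAuthentications=publickey user@host true
```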