SSH Tumbleweed OpenSSH_8.4p1, need to enable root
Guys,

Hey, so I've been redoing my libvirtd servers and I notice that the sshd_config and ssh_config files are no longer in /etc/ssh

.
├── ssh_config.d
├── ssh_host_dsa_key
├── ssh_host_dsa_key.pub
├── ssh_host_ecdsa_key
├── ssh_host_ecdsa_key.pub
├── ssh_host_ed25519_key
├── ssh_host_ed25519_key.pub
├── ssh_host_rsa_key
├── ssh_host_rsa_key.pub
└── sshd_config.d

There are now ssh_config.d and sshd_config.d folders. I have to enable root login because I have a master virt-manager that manages the other libvirtd servers.

This new setup disables root access altogether and I spent a few hours trying to google how to re-enable root access.

I also need to know how to set my port back up on their special. Can someone explain to me what I need to do? I figure it's dropping a config into the folders.

--
Terror PUP a.k.a Chuck "PUP" Payne
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twiiter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363
openSUSE Community Member since 2008.
It seems like there has been a strategic decision to not provide a fully commented aka documented sshd_config file in /etc anymore. I fell into the same pit some weeks ago. This makes it harder for people who, like you and me, only rarely change something in sshd config, I guess, but that's life.

Afaik we have to create an sshd_config file from scratch now, and if you only need to give access to root, it should only have these lines (all other settings are defaults)

There is however this file here: /usr/etc/ssh/sshd_config which looks a lot like the old one...

and it says:

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# To modify the system-wide sshd configuration, create a "*.conf" file under
# "/etc/ssh/sshd_config.d/" which will be automatically included below.
# Don't edit this configuration file itself if possible to avoid update
# problems.

I found this because I did a rpm -qli openssh-server or a 'locate sshd_config' on my system (for the latter, locate has to be installed and updatedb has to have been run initially)
-- Best Regards - Mit freundlichen Grüßen, Markus Feilner, Feilner IT - 20 years of open services - ------------------------- Agile Recursive Documentation: – Document it or it didn't happen! – ------------------------- Digitale Souveränität, Nachhaltigkeit, Dokumentation Linux, Security, Strategy, Politics, Journalism, Networking. https://www.feilner-it.net, 93059 Regensburg Wöhrdstr. 10, +49 170 302 7092 (+Signal) Blog: https://markusfeilner.de PGP: 40A3C306F96133067C11CFD9A958A906268C9F0A http://www.feilner-it.net/files/MFpub.asc Xing: http://www.xing.com/profile/Markus_Feilner LinkedIn: https://www.linkedin.com/in/markusfeilner @mfeilner: Matrix, Jabber, Skype, Twitter, Diaspora, ...
For the needed options: I guess these lines will be your friends... look them up in the manual though, if I am wrong:

PasswordAuthentication no
PermitRootLogin without-password
PubkeyAuthentication yes

(I don't think any of them is default, but maybe the last line is, didn't check)

I have this as standard on my cloud machines, where in emergencies I also have a VM console available...
-- Best Regards - Mit freundlichen Grüßen, Markus Feilner, Feilner IT - 20 years of open services - ------------------------- Agile Recursive Documentation: – Document it or it didn't happen! – ------------------------- Digitale Souveränität, Nachhaltigkeit, Dokumentation Linux, Security, Strategy, Politics, Journalism, Networking. https://www.feilner-it.net, 93059 Regensburg Wöhrdstr. 10, +49 170 302 7092 (+Signal) Blog: https://markusfeilner.de PGP: 40A3C306F96133067C11CFD9A958A906268C9F0A http://www.feilner-it.net/files/MFpub.asc Xing: http://www.xing.com/profile/Markus_Feilner LinkedIn: https://www.linkedin.com/in/markusfeilner @mfeilner: Matrix, Jabber, Skype, Twitter, Diaspora, ...
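Added example, not part of any poster's message: a drop-in for /etc/ssh/sshd_config.d/ carrying the options named above, plus a small resolver showing which file wins when two drop-ins set the same keyword. It uses `prohibit-password`, the current spelling for which `without-password` is a deprecated alias; the file names, the port number and the `effective_option` helper are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). For single-valued keywords sshd keeps
# the FIRST value it reads, and the Include glob expands in lexical order,
# so a low-numbered drop-in beats later files. Port may repeat and is
# therefore not resolved by this helper.

# effective_option KEYWORD FILE... -> prints "value<TAB>file" for the first hit
effective_option() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    for file in "$@"; do
        [ -r "$file" ] || continue
        # Strip comments, stop at the first Match block, take the first hit.
        hit=$(sed -e 's/#.*//' "$file" | awk -v want="$want" '
            tolower($1) == "match" { exit }
            tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }')
        if [ -n "$hit" ]; then
            printf '%s\t%s\n' "$hit" "$file"
            return 0
        fi
    done
    return 1
}

# Constructed tree standing in for /etc/ssh/sshd_config.d/; the file names
# and the port number are assumptions.
demo_dir=$(mktemp -d)
cat > "$demo_dir/10-root-key-only.conf" <<'EOF'
# root may log in with a key only; password logins are off for everyone
Port 2222
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$demo_dir/90-later.conf" <<'EOF'
# read second, so this setting has no effect
PermitRootLogin yes
EOF

effective_option PermitRootLogin "$demo_dir"/*.conf
effective_option PasswordAuthentication "$demo_dir"/*.conf

# On the real host, as root, after writing the drop-in:
#   sshd -t      # syntax check, silent on success
#   sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication) '
#   systemctl restart sshd
```

Keep an existing session open while restarting sshd on a new port, so a mistake in the drop-in does not lock you out.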
On 2021/07/06 08:01, Markus Feilner wrote:
It seems like there has been a strategic decision to not provide a fully commented aka documented sshd_config file in /etc anymore. I fell into the same pit some weeks ago. This makes it harder for people who like you and me only rarely change something in sshd config, I guess, but that's life.
Afaik we have to create an sshd_config file from scratch now, and if you only need to give access to root, it should only have these lines (all other settings are defaults)
This was listed as a probable fallout of the /usr-merge movement, one that I thought to be of high concern, but was told that user-addressable files would either be non-existent or stubs.

However it was mentioned that users might circumvent this by moving the contents of all of the configs back to their useful locations.

This is semi-equivalent to making the bootup and service process no longer modifiable w/o having access to a development system to recompile opaque, monolithic control programs vs. reconfiguration by editing a shell script.

It's a shame the computer industry is moving away from personal computers, and how the current CEO of what was the leading SW company of the PC revolution has a vision to move consumers away from desktops toward handhelds and tablets.

Being someone with a computer science degree, I've rarely felt ok or fine with simple defaults (for better or worse).

-l
Guys,

Markus, your notes got me up and running. This really needs to be added to the wiki if it's not there already. I am glad someone else saw this. I am back up and running.

On the move of everything to /usr: lucky I saw the emails. Not happy, because it seems we are going the Fedora way anyway. I don't get why we do changes, seems we tend to follow Fedora/Ubuntu doing that make our own changes. Tumbleweed seems to have a lot fewer packages. I used to have a number of Nginx packages I used, there are a number missing. Seriously, a lot less packages.

But when I went to the /etc/ssh folder and there was no configuration, I was like what the hell, and for once Google was less than friendly.
-- Terror PUP a.k.a Chuck "PUP" Payne ----------------------------------------- Discover it! Enjoy it! Share it! openSUSE Linux. ----------------------------------------- openSUSE -- Terrorpup openSUSE Ambassador/openSUSE Member skype,twiiter,identica,friendfeed -- terrorpup freenode(irc) --terrorpup/lupinstein Register Linux Userid: 155363 openSUSE Community Member since 2008.
To connect to libvirtd you don't need to log in as root. You can log in as a regular user who belongs to the libvirt group.
Adam,

I am planning to do that. I am in the process of rebuilding my whole lab. The plan is to have a libvirtd user so that I can use Ansible to move, shut down, and create virts. Something simple. At some point, I want to get Terraform in my lab. I am working on getting Foreman to work with all my boxes as well.

Thanks for your help

TerrorPUP
-- Terror PUP a.k.a Chuck "PUP" Payne ----------------------------------------- Discover it! Enjoy it! Share it! openSUSE Linux. ----------------------------------------- openSUSE -- Terrorpup openSUSE Ambassador/openSUSE Member skype,twiiter,identica,friendfeed -- terrorpup freenode(irc) --terrorpup/lupinstein Register Linux Userid: 155363 openSUSE Community Member since 2008.
participants (4)
- Adam Mizerski
- Chuck Payne
- L A Walsh
- Markus Feilner