Did a new clean new archARM build this afternoon, pushed through a pacman -Syu system update while still using the default alarmpi root account, and then found I could no longer log in to my new system over ssh with the default root account and password.
OpenSSH 7 turned out to be the culprit ( openssh-7.0p1 deprecates ssh-dss keys / https://www.archlinux.org/news/openssh- ... -dss-keys/ ), with one of its "Potentially-incompatible Changes" being
* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".
(http://lists.mindrot.org/pipermail/open ... 00122.html)
A quick edit of /etc/ssh/sshd_config puts things back as they were.
I know permitting root login (with password) over SSH is ill-advised on security groups, but given its the default account on a new arch ARM system, I bet there's a lot of people still doing it. Hope this post saves someone some time...
/ CB
Openssh 7 breaks root login by password
5 posts
• Page 1 of 1
Openssh 7 breaks root login by password
by PiCloud01 » Fri Aug 14, 2015 3:50 pm
- PiCloud01
- Posts: 4
- Joined: Fri Aug 14, 2015 3:36 pm
Re: Openssh 7 breaks root login by password
by WarheadsSE » Fri Aug 14, 2015 8:11 pm
We will be addressing this in new filesystems soon.
(Also, it is not archARM. We've got a full, legal department approved name, an acronym: ALARM)
(Also, it is not archARM. We've got a full, legal department approved name, an acronym: ALARM)
- WarheadsSE
- Developer
- Posts: 6807
- Joined: Mon Oct 18, 2010 2:12 pm
Re: Openssh 7 breaks root login by password
by Espionage724 » Sat Aug 15, 2015 3:56 am
$this->bbcode_second_pass_quote('', 'A') quick edit of /etc/ssh/sshd_config puts things back as they were.
How did you edit it specifically?
I added PermitRootLogin yes to that file, rebooted, and still wasn't able to do root login over ssh.
- Espionage724
- Posts: 5
- Joined: Wed Aug 12, 2015 5:41 pm
Re: Openssh 7 breaks root login by password
by PiCloud01 » Sat Aug 15, 2015 9:01 am
There are plenty of potentially incompatible changes in the new openssh.
In my case I could make an SSH connection to the updated system using the root account, and get as far as the password prompt, but the system was rejecting the password. So my basic SSH access to the updated system was fine, it was just a matter of working out what had happened to the root account. PermitRootLogin was the only change I made to the new sshd_config to fix it ...
$this->bbcode_second_pass_code('', '# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10')
As WarheadsSE notes something like this will have to be done in the ALARM tarballs next time they get regenerated.
/ CB
In my case I could make an SSH connection to the updated system using the root account, and get as far as the password prompt, but the system was rejecting the password. So my basic SSH access to the updated system was fine, it was just a matter of working out what had happened to the root account. PermitRootLogin was the only change I made to the new sshd_config to fix it ...
$this->bbcode_second_pass_code('', '# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10')
As WarheadsSE notes something like this will have to be done in the ALARM tarballs next time they get regenerated.
/ CB
- PiCloud01
- Posts: 4
- Joined: Fri Aug 14, 2015 3:36 pm
Re: Openssh 7 breaks root login by password
by WarheadsSE » Sun Aug 16, 2015 1:24 pm
They have now been regenerated, and the installation instructions updated.
- WarheadsSE
- Developer
- Posts: 6807
- Joined: Mon Oct 18, 2010 2:12 pm
5 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 2 guests