root access denied via SSH - Unix

This is a discussion on root access denied via SSH - Unix ; Hi, I'm in a bit of an emergency situation. I suspect that after adding a user and modifying that users uid and group id in the /etc/passwd file, all users including root have lost access to the shell - but ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: root access denied via SSH

  1. root access denied via SSH

    Hi,
    I'm in a bit of an emergency situation. I suspect that after adding a
    user and modifying that users uid and group id in the /etc/passwd
    file, all users including root have lost access to the shell - but
    only via SSH. After adding this user and modifying it to have root
    access (potentially incorrectly) as in:
    username:x:0:0::/home/username:/bin/bash
    I tested both the root and the new user and all worked as expected.
    The new user was able to perform all root tasks I had anticipated.
    Overnight access - using either of the two accounts has ceased.

    We have several scheduled (crontab) processes that run. One of which
    stops and starts the httpd services to do backup of the daily log
    file. I do not know of any processes that would reboot or restart the
    server. The server is not in the same building where I am.

    When trying to access the Unix box via SSH I first get the usual
    login as:
    (I type) root
    root@the.ip.address's password:
    (I type the password)
    I get "Access denied" and password prompt

    I know that the passwords I am using are correct. Same thing with any
    other user I know who had access previously.

    I have searched for a solution for this and I may have come up with a
    way to resolve this, but before i go ahead and try my ingenious
    resolution (and really do something stupid) I wanted to ask if anyone
    here could give me any insight as to whether setting up an additional
    user with root access (using the ":x:0:0" setting in the /etc/passwd
    file) could cause such an issue and if so how this can be resolved?

    Thanks so much for ANY insight.
    Tom.


  2. Re: root access denied via SSH

    root (as a special case) can be denied ssh access. See the
    sshd_config man page and look for PermitRootLogin

    Check the log files on the server, use the debug/verbose
    options.

    --
    Stéphane

  3. Re: root access denied via SSH

    Stéphane,
    Thank you for your response.

    I have discovered that I can access the schell using ONE of the
    accounts! This one account however is NOT a superuser so I can not
    delete the newly added user, that may be causing this conflict (which
    I'm not so sure about any more) nor can I change their passwords.

    Also I do not have access to read the contents of sshd_config logged
    in as this user. I did look at the file details and the last time it
    appears to have been modified was a great while back.

    I can read the /etc/passwd file but the user I'm logged in as can not
    write this file. as I am looking at the last user I added, it appears
    to have NO space right after the "/bin/bash" but does have a new line
    at the end of the file. Could this be the cause?

    I am not familiar with how to use the debug/verbose options so I'm
    researching for documentation on how to use these.

    Tom.


  4. Re: root access denied via SSH

    On May 10, 11:54 am, Bill Marcum wrote:
    > On 10 May 2007 07:19:55 -0700, ttepa...@gmail.com wrote:
    >
    > > Hi,
    > > I'm in a bit of an emergency situation. I suspect that after adding a
    > > user and modifying that users uid and group id in the /etc/passwd
    > > file, all users including root have lost access to the shell - but
    > > only via SSH. After adding this user and modifying it to have root
    > > access (potentially incorrectly) as in:
    > > username:x:0:0::/home/username:/bin/bash
    > > I tested both the root and the new user and all worked as expected.
    > > The new user was able to perform all root tasks I had anticipated.
    > > Overnight access - using either of the two accounts has ceased.

    >
    > When you say users have lost access only via ssh, does that mean you can
    > log in from the keyboard of that machine, or your password still works
    > with ftp or other services?
    > These days, allowing root login via password can be a security risk.
    > Perhaps someone broke in and changed the passwords?
    >
    > --
    > Sex, Drugs & Linux Rules
    > -- MaDsen Wikholm, mwikh...@at8.abo.fi


    Good point. I originally assumed that noone is able to access the box
    via SSH. I'm thinking now that the other users I tried I've only used
    for FTP access and never SSH access. Is it possible that user is setup
    to access only FTP and no SSH? I would assume so. At this point I do
    not have access to this machine using a keyboard directly atached to
    it. All I have is SSH (well... and FTP). Users with FTP access can
    access the machine as usual. Also the user I learned of today used to
    run the PATROL services can log in just fine. The problem with this
    user is that it's not a superuser so I cannot use it to access any
    user/password related functions.
    Does this kindof answer your question?

    I have never tried to login as root via FTP so I don't know if root
    would have FTP access.

    I have not ruled the latter out and I'm still trying to get to these
    logs that would tell me what commands have been used.


+ Reply to Thread