John Mort wrote:
> We have a couple Fedora machines here and I'm trying to set up SSH so
> we can get into them remotely. I've got SSH to work at home so I'm a
> little perplexed.
>
> I configured sshd_config and started the service, locally I can ssh
> into localhost, but only as root. Remotely I can't even get in as
> root (though I'm using "root" as the username, which might be wrong).
> When I try logging in as any of the user accounts it tells me I have
> an incorrect password, but I'm pretty certain I'm entering the
> password correctly.
>
> Poking around, I think I might have found the problem, but don't know
> how to solve it. On a whim I checked /etc/passwd and /etc/shadow,
> /etc/passwd didn't show anything useful but /etc/shadow shows all the
> user accounts' passwords in plain text, while the root password is
> obviously encrypted. I've never (to my knowledge) used /etc/shadow,
> but I'm guessing that ssh is checking this file and treating the
> plaintext passwords as encrypted passwords, which would cause them to
> not match up when it compares the encrypted version of what I'm typing
> in.
>
> In any case, any advice would be appreciated.
>

Hi,

I think you could do something like installing shadow-utils and using
pwconv to build shadow and then put in place the files. However, the
defaults with Fedora 8 have it set up already (since the first Fedora
release). I highly recommend just sucking it up and re-installing .. :-P

[EMAIL PROTECTED] etc]# rpm -qa | grep shadow
shadow-utils-4.0.18.1-21.fc8

# sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

[EMAIL PROTECTED] ssh]# iptables -L | grep ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

/etc/pam.d/sshd

#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    required     pam_loginuid.so

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

_______________________________________________
Mid-Hudson Valley Linux Users Group
http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
  Mar 5 - Wearable Linux Computing
  Apr 2 - Building a Kernel the Debian / Ubuntu way
  May 7 - Setting up a platform-independent home/small office network using Linux
  Jun 4 - TBD
  Jul 2 - KVM (Tentative)
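
A check for the symptom described in the quoted message (password fields in /etc/shadow that are not crypt hashes), as an added example that is not part of the original post. The function names are hypothetical and the sample entries are constructed; it reports account names only, never the field contents.

```python
import re
import sys

# crypt(3) modular format "$id$...": MD5 ($1$), bcrypt ($2*$), SHA-256/512, yescrypt.
MCF = re.compile(r"^\$(1|2[abxy]?|5|6|y)\$[./A-Za-z0-9$=,]+$")
# Traditional DES crypt: exactly 13 characters from the crypt alphabet.
# Caveat: a 13-character plaintext made of these characters would pass as DES.
DES = re.compile(r"^[./A-Za-z0-9]{13}$")

# Constructed sample in shadow(5) layout; not taken from any real system.
SAMPLE = """\
root:$1$Xy7abcde$0123456789abcdefghijk.:13900:0:99999:7:::
bin:*:13900:0:99999:7:::
alice:hunter2:13900:0:99999:7:::
bob::13900:0:99999:7:::
carol:!!:13900:0:99999:7:::
"""

def classify(field):
    """Classify the password field (second column) of one shadow entry."""
    if field == "":
        return "empty"        # pam_unix accepts a blank password when nullok is set
    if field[0] in "!*":
        return "locked"       # password login disabled
    if MCF.match(field) or DES.match(field):
        return "hashed"
    return "not-a-hash"       # e.g. plaintext: the hash of a typed password never equals it

def audit(shadow_text):
    """Return {user: problem} for entries whose password field needs fixing.
    The field itself is never returned or printed."""
    findings = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            findings[parts[0]] = "malformed"
            continue
        kind = classify(parts[1])
        if kind in ("empty", "not-a-hash"):
            findings[parts[0]] = kind
    return findings

if __name__ == "__main__":
    # With no argument, audit the constructed sample; otherwise a shadow-format file.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for user, kind in sorted(audit(text).items()):
        print(f"{user}: {kind}")
```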
