[svlug] Fedora and ssh
Karsten M. Self
kmself at ix.netcom.com
Tue Jul 5 12:21:25 PDT 2005
Bill: can you please set Eudora to wrap lines at 72 characters?
on Fri, Jul 01, 2005 at 12:29:47AM -0700, Bill Hubbard (kwooda at netzero.net) wrote:
> I have a Linux box that someone set up for me a couple years ago with
> Fedora Core 1. It runs apache and Samba and that's about it. It has
> never been updated, and I just have a couple small web sites on it.
> My "new" Fedora Core 4 box is up and I'm playing with it, and just
> started using ssh. I installed PuTTY on my Windows box so I can log
> into my Linux box remotely. I have no problem doing this. However, I
> would like to be able to log into my older Linux box, but am having
> trouble doing so. There are two user account that I use when
> connecting via SAMBA, but these accounts don't let me log in either
> from the console or via ssh.
Can you log into them at all? If so, please describe.
Do you have the right passwords?
If no to either, you can do a single-user login as root by bypassing the
root password. Instructions here:
> I don't yet know enough about user accounts on Linux to understand
> why. How do I enable the account to allow me to log in via ssh?
In general, this Should Just Happen. It is possible to allow/deny SSH
access by user and/or location by several means, most usually:
- In /etc/ssh/sshd_config, the 'AllowUsers' or 'DenyUsers' directives.
These are lists of users who are explicitly allowed or denied access
to the system. man 5 sshd_config for details.
- sshd is compiled with "tcpwrappers" support. This means that the
files /etc/hosts.allow and /etc/hosts.deny can be used to permit or
deny at the host (actually: hostname or IP address) level who can /
cannot access the ssh daemon.
- If /etc/nologin exists, no non-root user can log in. Typically, SSH
is configured to deny root access as well. The reason being that
it's far more feasible to audit root access if users log in as
themselves, then su / sudo to root locally.
Another off-chance is that you've got SSH v1 and SSH v2 issues here, but
I doubt this given your description.
> I haven't been able to figure it out from the books I have.
/me looks at his bookcases full of tech books....
Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
> That's nice, but totally beside the point.
If you put it on top, it will just fall off.
- Nick Moffitt strikes again.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.svlug.org/archives/svlug/attachments/20050705/037d3a40/attachment.bin
More information about the svlug