Setting up SSH - first time

Good day to you all.

I have a server (running on SunOS 5.8) that I always got into via telnet. I have eventually decided to block telnet access to it and instead look toward using SSH. The problem is, when I establish the SSH connection via PuTTY, I get the "Log in as" prompt, but upon entering the username (root in this example) I get an error message saying "Disconnected:No Supported Authentication methods available".

This may be because I need to replicate keys on both PC and server. So how do I go about doing this?

Appreciate any info you can offer!

Thanks

Dwayne

You will need to ssh as a non-root user to the server first. Then you su - to root. It's safer and better practice to do so.

Can you post the debug mode of
/usr/sbin/sshd -d ?

Alternatively, enable direct root logins by editing the /etc/ssh/sshd_config.
incredible is correct though, it's very bad practice to allow connections directly as root.

You may not be allowed to log in as root on the SSH server, though this is usually allowed by default.
But as others wrote, for security reasons one wouldn't log in as root but under some normal user account and then su to root.
If the sshd_config file on your SSH server is world-readable, or if you can log in there as root (remember to su), then you can check whether root logins are allowed by doing something like

~# grep -i ^permitrootlogin /etc/ssh/sshd_config 
PermitRootLogin yes

That "disconnected" may be due to an RSA-based version protocol problem in the config.

Have a look at mine and see what you missed out.

#########################
# Step 1 # ftp files to server and put under /var/tmp/s8ssh
#########################
box1:/var/tmp >cd s8ssh
box1:/var/tmp/s8ssh >ls

openssh-4.7p1-sol8-sparc-local.gz   prngd.start
openssl-0.9.8f-sol8-sparc-local.gz  sshd.start
prngd-0.9.25-sol8-sparc-local.gz    zlib-1.2.3-sol8-sparc-local.gz



#########################
# Step 2 # uncompress all the gzip'd files
#########################
box1:/var/tmp/s8ssh >for i in `ls -1 *.gz`
> do
> gzip -d $i
> done

box1:/var/tmp/s8ssh >ls
openssh-4.7p1-sol8-sparc-local   prngd.start
openssl-0.9.8f-sol8-sparc-local  sshd.start
prngd-0.9.25-sol8-sparc-local    zlib-1.2.3-sol8-sparc-local


#########################
# Step 3 # install the packages in this sequence
#########################
pkgadd -d openssl-0.9.8f-sol8-sparc-local

The following packages are available:
  1  SMCosslc     openssl
                  (sparc) 0.9.8f


box1:/var/tmp/s8ssh >pkgadd -d prngd-0.9.25-sol8-sparc-local

The following packages are available:
  1  SMCprngd     prngd
                  (sparc) 0.9.25



box1:/var/tmp/s8ssh >pkgadd -d zlib-1.2.3-sol8-sparc-local

The following packages are available:
  1  SMCzlib     zlib
                 (sparc) 1.2.3



box1:/var/tmp/s8ssh >pkgadd -d openssh-4.7p1-sol8-sparc-local

The following packages are available:
  1  SMCosh471     openssh
                   (sparc) 4.7p1

#########################
# Step 4: Create startup scripts so it will fire off whenever server reboots
#########################
Startup Scripts:
Create a startup script for the ssh daemon.
/etc/init.d/sshd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#! /bin/sh
#
# start/stop the secure shell daemon

case "$1" in

'start')
     # Start the ssh daemon
     if [ -f /usr/local/sbin/sshd ]; then
          echo "starting SSHD daemon"
          /usr/local/sbin/sshd &
     fi
     ;;

'stop')
     # Stop the ssh daemon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep sshd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/sshd {start|stop}"
     ;;

esac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make the script executable and create a startup script on run level 2.

box1:/ >chmod +x /etc/init.d/sshd
box1:/ >ln -s /etc/init.d/sshd /etc/rc2.d/S99sshd


#########################
# Step 5: same thing create startup scripts for prngd in /etc/init.d and link to /etc/rc2.d
#########################
Create a startup script for the pseudo random generator daemon.
/etc/init.d/prngd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
#! /bin/sh
#
# start/stop the pseudo random generator daemon

case "$1" in

'start')
     # Start the PRNG daemon
     if [ -f /usr/local/sbin/prngd ]; then
          echo "starting PRNG daemon"
          /usr/local/sbin/prngd /var/spool/prngd/pool&
     fi
     ;;

'stop')
     # Stop the PRNG daemon
     PID=`/usr/bin/ps -e -u 0 | /usr/bin/fgrep prngd | /usr/bin/awk '{print $1}'`
     if [ ! -z "$PID" ] ; then
          /usr/bin/kill ${PID} >/dev/null 2>&1
     fi
     ;;

*)
     echo "usage: /etc/init.d/prngd {start|stop}"
     ;;

esac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

box1:/ >chmod +x /etc/init.d/prngd
box1:/ >ln -s /etc/init.d/prngd /etc/rc2.d/S99prngd


#########################
# Step 6: path it correctly(** remember to add to .profile also)
#########################
export PATH=/usr/bin:/usr/sbin:/opt:/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/proc/bin:/usr/openwin/bin:/usr/openwin/sbin:/usr/local/ssl:.
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib:/usr/local/ssl/lib:.

#########################
# Step 7: startup the processes prngd first
#########################
box1:/etc/init.d >./prngd start
starting PRNG daemon
box1:/etc/init.d >Info: Random pool not (yet) seeded
Could not bind socket to /var/spool/prngd/pool: No such file or directory
Feb  1 14:50:19 box1 prngd[2730]: [ID 388259 daemon.alert] Could not bind socket to /var/spool/prngd/pool: No such file or directory

#########################
# Step 8: create the missing folder then try again
#########################
box1:/etc/init.d >mkdir -p /var/spool/prngd
box1:/etc/init.d >./prngd start
starting PRNG daemon
box1:/etc/init.d >Info: Random pool not (yet) seeded
box1:/ >ps -ef |grep prngd
    root  1246  1208  0 12:36:51 pts/7    0:00 grep prngd
    root  1230     1  0 12:36:30 ?        0:00 /usr/local/sbin/prngd /var/spool/prngd/pool

#########################
# Step 9: start ssh process
#########################
box1:/etc/init.d >sshd start
ld.so.1: sshd: fatal: libgcc_s.so.1: open failed: No such file or directory
Killed
box1:/etc/init.d >


#########################
# Step 10: Install latest libgcc version (from sunfreeware.com)
#########################
box1:/var/tmp/s8ssh >pkgadd -d libgcc*

The following packages are available:
  1  SMClgcc     libgcc
                 (sparc) 3.4.6

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]:

Processing package instance <SMClgcc> from </var/tmp/s8ssh/libgcc-3.4.6-sol8-sparc-local>

libgcc
(sparc) 3.4.6
FSF
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
   1 package pathname is already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing libgcc as <SMClgcc>

## Installing part 1 of 1.
/usr/local/lib/libg2c.a
/usr/local/lib/libg2c.la
/usr/local/lib/libg2c.so <symbolic link>
/usr/local/lib/libg2c.so.0 <symbolic link>
/usr/local/lib/libg2c.so.0.0.0
/usr/local/lib/libgcc_s.so <symbolic link>
/usr/local/lib/libgcc_s.so.1
/usr/local/lib/libstdc++.a
/usr/local/lib/libstdc++.la
/usr/local/lib/libstdc++.so <symbolic link>
/usr/local/lib/libstdc++.so.6 <symbolic link>
/usr/local/lib/libstdc++.so.6.0.3
[ verifying class <none> ]

Installation of <SMClgcc> was successful.
box1:/var/tmp/s8ssh >

#########################
# Step 11: Try again
#########################
box1:/etc/init.d >./sshd start
starting SSHD daemon
box1:/etc/init.d >Could not load host key: /usr/local/etc/ssh_host_key
Could not load host key: /usr/local/etc/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.


#########################
# Step 12: Create keys for V2
#########################
The errors above are due to the fact that we didn't create any key pairs for our ssh server.
Create a public key pair to support the new, DSA-based version 2 protocol


box1:/ >/usr/local/bin/ssh-keygen -d -f /usr/local/etc/ssh_host_dsa_key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
ce:af:e5:96:e6:94:78:23:93:07:03:3a:0a:d0:90:1f root@box1
box1:/ >



#########################
# Step 13: Create keys also to cater for V1
#########################
Create a public key pair to support the old, RSA-based version 1 protocol

box1:/ >/usr/local/bin/ssh-keygen -b 1024 -f /usr/local/etc/ssh_host_rsa_key -t rsa -N ""
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
e9:7f:8d:2c:a1:64:66:4b:87:4a:14:99:0b:69:8e:dd root@box1
box1:/ >


#########################
# Step 14: startup ssh again
#########################
box1:/usr/local/etc >/etc/init.d/sshd start
starting SSHD daemon
box1:/usr/local/etc >Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key
Missing privilege separation directory: /var/empty



#########################
# Step 15: vi sshd_config
#########################
box1:/usr/local/etc >ls
moduli                ssh_host_dsa_key      ssh_host_rsa_key.pub
prngd                 ssh_host_dsa_key.pub  sshd_config
ssh_config            ssh_host_rsa_key
box1:/usr/local/etc >
box1:/usr/local/etc >cat sshd_config | grep -i protocol
#Protocol 2,1

Use vi to edit sshd_config and uncomment the above line so it will look like this, without the '#':
Protocol 2,1


box1:/etc/init.d >mkdir -p /var/empty
box1:/etc/init.d >./sshd start
starting SSHD daemon
box1:/etc/init.d >Could not load host key: /usr/local/etc/ssh_host_key
Disabling protocol version 1. Could not load host key

box1:/etc/init.d >ps -ef |grep ssh
    root  2937  2816  0 15:31:19 pts/5    0:00 grep ssh
    root  2934     1  0 15:31:07 ?        0:00 /usr/local/sbin/sshd

box1:/usr/local/etc >ps -ef| grep prngd
    root  2944  2816  0 15:32:37 pts/5    0:00 grep prngd
    root  2734     1  0 14:51:10 ?        0:00 /usr/local/sbin/prngd /var/spool/prngd/pool



Problems
---------
Using keyboard-interactive authentication.
Password:
Access denied

Put the '#' back in front of Protocol 2,1 in /usr/local/etc/sshd_config

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
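
The grep for PermitRootLogin in the earlier reply and the Protocol line edited in Step 15 both come down to asking what sshd will actually use. The script below is an added example, not code from any poster in this thread: it reports the effective global values of both keywords and flags protocol 1 and direct root login. It assumes a POSIX shell and awk (on Solaris 8: /usr/xpg4/bin/sh and nawk) and OpenSSH 4.x-era defaults; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a POSIX shell and awk.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST occurrence of a keyword and matches keyword names
# case-insensitively; a commented-out line means the built-in default applies.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # examine the global section only
        tolower($1) == want {
            val = $2
            for (i = 3; i <= NF; i++) val = val $i   # "2, 1" becomes "2,1"
            print tolower(val); found = 1; exit
        }
        END { if (!found) print dflt }' "$1"
}

# audit_sshd_config FILE: print findings; exit status = number of findings.
# Defaults are assumptions for an OpenSSH 4.x-era sshd: Protocol 2,1 and
# PermitRootLogin yes.
audit_sshd_config() {
    findings=0
    proto=$(effective_value "$1" Protocol "2,1")
    root=$(effective_value "$1" PermitRootLogin "yes")
    case ",$proto," in
        *,1,*) echo "FINDING: SSH protocol 1 is enabled (Protocol $proto)"
               findings=$((findings + 1)) ;;
    esac
    if [ "$root" != "no" ]; then
        echo "FINDING: direct root login is permitted (PermitRootLogin $root)"
        findings=$((findings + 1))
    fi
    echo "effective: Protocol=$proto PermitRootLogin=$root"
    return "$findings"
}

# Constructed sample resembling the config after Step 15 of the walkthrough.
SAMPLE=${TMPDIR:-/tmp}/sshd_config.sample.$$
cat > "$SAMPLE" <<'EOF'
Protocol 2,1
#PermitRootLogin yes
HostKey /usr/local/etc/ssh_host_rsa_key
HostKey /usr/local/etc/ssh_host_dsa_key
EOF
audit_sshd_config "$SAMPLE" || echo "$? finding(s) in $SAMPLE"
rm -f "$SAMPLE"
```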