Problem with passwd and ssh

[aditya3098]

I was trying to change the home dir for root from /tmp/root to /home/root and made the edits to /etc/passwd. I am now unable to ssh into my kindle as it rejects the password. The thing is, if I use the kindle XTerm, and type in 'login', enter in root as user and my password, it works. How can I get the ssh working again?
Also, if I restore the original passwd file, it gets back to normal

[geekmaster]

Quote:

Originally Posted by aditya3098

I was trying to change the home dir for root from /tmp/root to /home/root and made the edits to /etc/passwd. I am now unable to ssh into my kindle as it rejects the password. The thing is, if I use the kindle XTerm, and type in 'login', enter in root as user and my password, it works. How can I get the ssh working again?
Also, if I restore the original passwd file, it gets back to normal

Did you create the /home/root directory?

My K5 does not have a /home directory.

Perhaps you should make it /mnt/us/home/root?

[aditya3098]

I created both /home and /home/root
As iv'e mentioned, it worked on XTERM

[geekmaster]

Quote:

Originally Posted by aditya3098

I created both /home and /home/root
As iv'e mentioned, it worked on XTERM

Perhaps SSH wants a writable /home/root?

Why not use /mnt/us/root instead?

[hawhill]

It shouldn't.

But since xterm access is in place, I'd suggest running the SSH daemon in foreground and debugging mode to see what's going on. Also, on the client side debug output would be useful to see in what stage of SSH handshake it breaks. For the OpenSSH client, hand it the "-vvv" switch and it will output verbose information (please don't copy verbatim in a post, at least use a Spoiler section here in the forum). The server would have to be killed and started again (or run a second instance on another port). The OpenSSH server knows about the "-d" flag and it will not go to background and report information.

[aditya3098]

I can't have /mnt/us/root because I want to store synlinks in my home dir. Also, even if I just modify my shell from /bin/sh to /bin/bash (from that bash for kindle thread), It still won't work. Absolutely any change to /etc/passwd disables ssh.

[knc1]

Quote:

Originally Posted by aditya3098

I was trying to change the home dir for root from /tmp/root to /home/root and made the edits to /etc/passwd. I am now unable to ssh into my kindle as it rejects the password. The thing is, if I use the kindle XTerm, and type in 'login', enter in root as user and my password, it works. How can I get the ssh working again?
Also, if I restore the original passwd file, it gets back to normal

The home directory is /root
It is not located under the /home sub-tree.

To move it (which may break other things) you need to change the home directory field of /etc/passwd

And it reads as if you did that part.

The ssh server looks for the matching key in ~/.ssh/authorized_keys
Where home (~) is set to /home/<username> except for username "root".
Which could be a lookup of /etc/passwd but is more likely hard coded in the ssh server as: /root
Mainly because the home directory of the administrator hasn't changed since K&R (plus others) wrote Unix.

But if your going to move the home directory of root, then you need to move its entire contents (including hidden directories like: .ssh and its contents).

Translation: It reads as if you left the .ssh/authorized_keys file behind when you moved root.

[aditya3098]

There IS no .ssh directory. The root gets wiped at every reboot, too (/var/tmp/root, that's why I changed it in the first place)

[knc1]

Quote:

Originally Posted by aditya3098

There IS no .ssh directory. The root gets wiped at every reboot, too (/var/tmp/root, that's why I changed it in the first place)

Then I guess you just answered your own question about why key authentication does not work, only password authentication.

[aditya3098]

Oh, by "password was rejected" I ment the password came out as invalid

Code:

aditya@aditya-desktop:~$ ssh root@192.168.1.5
root@192.168.1.5's password: 
Permission denied, please try again.
root@192.168.1.5's password: 
Permission denied, please try again.
root@192.168.1.5's password: 
Permission denied (publickey,password).
aditya@aditya-desktop:~$

I never used pubkey auth.

I am guessing it's something to do with the /etc/shadow file

[knc1]

Quote:

Originally Posted by aditya3098

Oh, by "password was rejected" I ment the password came out as invalid

Code:

aditya@aditya-desktop:~$ ssh root@192.168.1.5
root@192.168.1.5's password: 
Permission denied, please try again.
root@192.168.1.5's password: 
Permission denied, please try again.
root@192.168.1.5's password: 
Permission denied (publickey,password).
aditya@aditya-desktop:~$

I never used pubkey auth.

I am guessing it's something to do with the /etc/shadow file

Ah, So, I mis-understood.

The ssh server does use /etc/password and /etc/shadow for "password authentication".

[aditya3098]

How do you update the shadow file? There was something on pwconv but that needs debian, right? And libSElinux?

[knc1]

Quote:

Originally Posted by aditya3098

How do you update the shadow file? There was something on pwconv but that needs debian, right? And libSElinux?

passwd root
*or*
Do you have Linux on any other machine?
Just cut and paste the "root" line of /etc/shadow from the machine with the password you know to the Kindle.

[geekmaster]

Quote:

Originally Posted by knc1

passwd root
*or*
Do you have Linux on any other machine?
Just cut and paste the "root" line of /etc/shadow from the machine with the password you know to the Kindle.

Cut/paste will keep the original 8-character DES password. "passwd root" will create a new MD5 password. When logging in with a DES password, and characters entered past 8 are ignored.

[knc1]

True, but so what? Just as long as the user knows what the clear text password is.