
"set service ssh allow-root" is not enough to root system-access via ssh
Closed, Resolved. Public.

Description

If we try with user vyos... OK

So, something is missing in the system to allow root SSH access.

OK. We need to hack /etc/ssh/sshd_config and change it to "PermitRootLogin yes".

Details

Difficulty level
Easy (less than an hour)
mdsmds created this task. Oct 3 2016, 4:00 PM
mdsmds updated the task description. Oct 4 2016, 8:10 AM
syncer triaged this task as Low priority.
syncer added a subscriber: VyOS 1.1.x (1.1.8).
syncer edited subscribers, added: VyOS 1.2 Crux; removed: EwaldvanGeffen, VyOS 1.1.x (1.1.8).

But if we look at /etc/ssh/sshd_config, there is no "PermitRootLogin yes"... and more, if we manually add this line, login as root is not permitted either.

More: in "/etc/ssh/sshd_config" we must manually locate the line with "PermitRootLogin" and set it to "PermitRootLogin yes".

The vyatta-cfg-system/templates/service/ssh/allow-root/node.def does not work because in sshd_config the line is not "PermitRootLogin no" but instead "PermitRootLogin without-password".

So, it does not change anything.

Okay, so maybe we should expand the configuration in that case a little. Let's make it replace whatever value is found and allow all three options in the CLI?

Yes, I think so, otherwise allow-root actually has no effect :)

@mdsmds you sure that is not its intended purpose; scare away people from enabling root on their boxes ;p I'm hoping to have some time soon to do some small stuff like this.

@EwaldvanGeffen I could agree...

  1. completely remove "allow-root" from "set service ssh"

or

  2. let it really operate

but one of the two.

Thanks
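
The mismatch reported in this thread (a substitution keyed on "PermitRootLogin no" while the file contains "PermitRootLogin without-password") and the proposed fix of replacing whatever value is found, as an added example that is not VyOS code and not part of the original discussion. Function names and the sample file are constructed; the three accepted values are assumed to be the ones named in the thread (yes, no, without-password), and the file is assumed to contain no Match blocks.

```shell
#!/bin/sh
# Added example; not the VyOS node.def. All function names are hypothetical.

# First active (uncommented) PermitRootLogin value. sshd keywords are
# case-insensitive and the first value obtained for a keyword is used.
effective_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1"
}

# Stand-in for a substitution that only matches the literal "no" line.
naive_allow_root() {
    sed 's/^PermitRootLogin no$/PermitRootLogin yes/' "$1" > "$1.tmp" &&
        cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Replace whatever value is present, drop duplicates, append if absent.
# Assumes a file without Match blocks.
set_permit_root_login() {
    file=$1 value=$2
    case "$value" in
        yes|no|without-password) ;;
        *) echo "unsupported value: $value" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v v="$value" '
        tolower($1) == "permitrootlogin" {
            if (!done) { print "PermitRootLogin " v; done = 1 }
            next            # later duplicates are dropped
        }
        { print }
        END { if (!done) print "PermitRootLogin " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample, mirroring the line reported in the thread.
make_sample() {
    printf '%s\n' 'Port 22' '#PermitRootLogin yes' \
        'PermitRootLogin without-password' 'PasswordAuthentication yes' > "$1"
}
```

After changing the file, `sshd -t -f <file>` checks it for validity and `sshd -T` prints the effective settings, which confirms what the daemon will actually apply.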