From owner-freebsd-questions@FreeBSD.ORG Sun May 11 19:58:47 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF7F61065672 for ; Sun, 11 May 2008 19:58:47 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from outbound-mail-19.bluehost.com (outbound-mail-19.bluehost.com [69.89.20.234]) by mx1.freebsd.org (Postfix) with SMTP id 5EF858FC1F for ; Sun, 11 May 2008 19:58:47 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 10948 invoked by uid 0); 11 May 2008 19:58:45 -0000 Received: from unknown (HELO box183.bluehost.com) (69.89.25.183) by outboundproxy1.bluehost.com with SMTP; 11 May 2008 19:58:45 -0000 Received: from c-24-8-180-234.hsd1.co.comcast.net ([24.8.180.234] helo=demeter.hydra) by box183.bluehost.com with esmtpa (Exim 4.68) (envelope-from ) id 1JvHgz-0001PX-18 for freebsd-questions@freebsd.org; Sun, 11 May 2008 13:58:45 -0600 Received: by demeter.hydra (sSMTP sendmail emulation); Sun, 11 May 2008 13:58:46 -0600 Date: Sun, 11 May 2008 13:58:46 -0600 From: Chad Perrin To: freebsd-questions@freebsd.org Message-ID: <20080511195846.GC81732@demeter.hydra> Mail-Followup-To: freebsd-questions@freebsd.org References: <812883.11120.qm@web54010.mail.re2.yahoo.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="rQ2U398070+RC21q" Content-Disposition: inline In-Reply-To: <812883.11120.qm@web54010.mail.re2.yahoo.com> User-Agent: Mutt/1.4.2.3i X-Identified-User: {737:box183.bluehost.com:apotheon:apotheon.com} {sentby:smtp auth 24.8.180.234 authed with perrin@apotheon.com} DomainKey-Status: no signature Subject: Re: root login stops working X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 May 2008 19:58:47 -0000 --rQ2U398070+RC21q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, May 10, 2008 at 11:50:46AM -0700, Dennis Flynn wrote: > I'm running FreeBSD wx.dennis-flynn.net 7.0-RELEASE FreeBSD 7.0-RELEASE #= 0: Sun Feb 24 19:59:52 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr= /src/sys/GENERIC i386 >=20 > About a day after install root login no longer works - even on the consol= e. >=20 > I see the following in /var/log/auth.log: > May 10 14:22:37 wx sshd[86223]: Accepted password for root from 10.11.12.= 104 port 1492 ssh2 > May 10 14:22:37 wx sshd[86223]: Received disconnect from 10.11.12.104: 0:= =20 I'd say this was expected behavior, since FreeBSD disbles direct root login over SSH by default (for good reason), but . . . >=20 > And in /var/log/messages: > May 10 14:27:51 wx kernel: pid 86237 (csh), uid 0: exited on signal 11 (c= ore dumped) =2E . . this looks suspicious. I'm pretty sure you don't get any core dumps when sshd refuses to let you log in as root. >=20 > New to FreeBSD after using Linux for a long time. I'd really like to get= this to workfor my web server/weather station which is currently running o= n Debian Linux. For security purposes, you should probably actually configure your Debian system to behave more like your FreeBSD system, with regard to SSH. Set the PermitRootLogin value in /etc/ssh/sshd_config to "no" to prevent remote logins over SSH as root. This behavior is intended as a security measure. To access root remotely, log in over SSH as an account that has su access, then su to root, rather than just logging in as root directly. To grant an account on FreeBSD su access to root, add it to the wheel group. --=20 CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] print substr("Just another Perl hacker", 0, -2); --rQ2U398070+RC21q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.8 (FreeBSD) iEYEARECAAYFAkgnT/YACgkQ9mn/Pj01uKVizgCeP42F0Z3TthulzzT1bvcXH02w OtMAoKNcsc3CQnwEvolW2dV2jKBW/Ew2 =3XIh -----END PGP SIGNATURE----- --rQ2U398070+RC21q--