44

I just installed Ubuntu 14.04 and LAMP on that. Then, I wanted to configure my server, so tried out This tutorial.

When I give the command:

ssh root@localhost

I get : Permission denied, please try again. I have logged in as root user through the command :

sudo -i

I also tried the same, by logging in through:

sudo -s

I use the same password as that I used to log in as user, but still am getting the same error message.

Could someone help me out here?

PS: I looked into This question but didn't seem to work for me.

Community
  • 1
vnay92
  • 543
  • 1
  • 4
  • 5
  • @EliahKagan He he, I had reported that as dupe of this before it had got an answer. :D – muru Aug 16 '14 at 03:37
  • @muru I think either way would be okay, but that one seems a little broader in sccope (more general), has more answers, and has answers suggesting a wider range of solutions. Either way they're closed, answers from one could be mod-merged into the other (or not). – Eliah Kagan Aug 16 '14 at 06:06
  • If your server is in anyway outward facing please don't enable SSH as root. This is asking for trouble. – Robby1212 Apr 24 '18 at 15:53

8 Answers8

85

By default, the SSH server denies password-based login for root. In /etc/ssh/sshd_config, if the following line exists, possibly commented out (with a # in front):

PermitRootLogin without-password

Then change it to the following, uncommenting if needed (remove the # in front):

PermitRootLogin yes

And restart SSH:

sudo service ssh restart

Or, you can use SSH keys. If you don't have one, create one using ssh-keygen (stick to the default for the key, and skip the password if you feel like it). Then do sudo -s (or whatever your preferred method of becoming root is), and add an SSH key to /root/.ssh/authorized_keys:

cat /home/user/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
muru
  • 207,970
  • I get this error: cat: /home/user/.ssh/id_rsa.pub: No such file or directory . – vnay92 Jul 15 '14 at 04:50
  • Ah. Sorry. I assumed you had an SSH key. As your user, do ssh-keygen (skip a password for the SSH key if you wish, and stick to the defaults for the rest) to create one. Also, I hope you replaced user with your actual username. – muru Jul 15 '14 at 04:52
  • Both the methods didn't work for me! I even checked my home folder; it's empty. What should I do? – Heich-B Jan 12 '19 at 16:51
  • @muru Maybe you can just mention that they need to remove the # at the beginning of the line in the config file to un-comment the line for anyone else who may not know – Alfa Bravo Jul 16 '20 at 07:12
  • This might help to get a feeling for without-password. – Timo Jun 07 '21 at 18:29
  • In Kali Linux's sshd_config, there's a line of "PasswordAuthentication no" need to change to yes before it can accept ssh root@ip access. I was blocked by that for several days before I figured that out. – JCQian Feb 14 '22 at 14:46
8

To me, works changing (Ubuntu 18.04):

  • sudo nano /etc/ssh/sshd_config
  • PermitRootLogin prohibit-password to PermitRootLogin yes
  • PasswordAuthentication no to PasswordAuthentication yes

then, restart ssh service:

  • sudo service ssh restart

Thanks!

Rildomar Lucena
  • 81
  • you can add to your answer: some default installations require changing root password for ssh as root directly, as is the case of Kali Rpi. – charles Jul 30 '20 at 22:18
8

In some cases, after change,

PermitRootLogin yes

must check this config:

DenyUsers root
AllowUsers saeid

and to enable login must change to:

#DenyUsers root
AllowUsers root OtherUser
muru
  • 207,970
Saeid
  • 216
4

If u have not given password for root and you are trying to fire command on spark or haddop like ./sbin/stop-all.sh or./sbin/start-all.sh . If you don't have a root password, you can setup one using

sudo passwd

and fire commands.

D Nilesh
  • 171
  • 6
2

Hackers will bang away with root user trying to brute force their way in. If you are going to allow root logins, you should definitely install Fail2Ban, or something similar to protect against brute force attacks. Also use a very hard to guess password without the use of common words.

And, as Vaindil pointed out, a key based login would be far superior. They are not very hard to setup. Here's a link to setup key-based login using PuTTY on windows: https://devops.profitbricks.com/tutorials/use-ssh-keys-with-putty-on-windows/ . But there are lots of others if you are using a different environment to login from.

mikekehrli
  • 121
1

I had a similar problem to this. I needed two PCs, one on Ubuntu and another on Arch, to sync files through Unison but ran into the same permission denied error. Just for the sake of those who are having the same problem as I was, here's what I did:

First: Installed the same version of Unison on both PCs. This was a bit challenging as the one available on the software center was behind to what was readily available for Arch. So, I couldn't find a higher version for Ubuntu, so I replaced the one on Arch with a lower one instead. Found one here: http://zdia.de/downloads/unison-2.40.102-linux-x86_64. The same version is in the software center for Ubuntu.

Second: Followed the steps from here: https://www.howtoforge.com/setting-up-unison-file-synchronization-between-two-servers-on-debian-squeeze (Note: Arch was my server 1 and Ubuntu was my server 2.)

I ran into a problem in step 3 as I tried to ssh-copy. But it was resolved by changing "id_dsa.pub" into "id_rsa.pub" in the "ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@192.168.0.101" line. Probably my fault, as I think I forgot to add "-t dsa". Anyway, try the original command first. IF you get an error, then change to rsa.

After following the steps above, I found I still couldn't get Unison to connect to the other server, neither can I log in (without Unison) through ssh to the other server. Finally,after hours of google searching, I was led to this page, and the answer given my Muru sealed the deal.

After applying it, I could now login via SSH to server 2.

So I ran Unison, and corrected the profile settings, and viola!

Tim
  • 33,510
Josh Buzz
  • 11
0

TL;DR and like to code in sed to circumvent permission denied in ssh

sed -i s/#\(PermitRootLogin*\).*/\1 yes/ /etc/ssh/sshd_config
Timo
  • 278
0

I faced similar issue with qemu login.
One of the issues could be that authorized_keys on the remote machine does not match with the host machine's key from where you are trying to login.

Copying the id_rsa.pub from host to authorized_keys of the remote PC should help.

zx485
  • 2,894
Nitesh Shetty
  • 1