44

I just installed Ubuntu 14.04 and LAMP on that. Then, I wanted to configure my server, so tried out This tutorial.

When I give the command:

ssh root@localhost

I get : Permission denied, please try again. I have logged in as root user through the command :

sudo -i

I also tried the same, by logging in through:

sudo -s

I use the same password as that I used to log in as user, but still am getting the same error message.

Could someone help me out here?

PS: I looked into This question but didn't seem to work for me.

Community
  • 1
vnay92
  • 543

8 Answers8

85

By default, the SSH server denies password-based login for root. In /etc/ssh/sshd_config, if the following line exists, possibly commented out (with a # in front):

PermitRootLogin without-password

Then change it to the following, uncommenting if needed (remove the # in front):

PermitRootLogin yes

And restart SSH:

sudo service ssh restart

Or, you can use SSH keys. If you don't have one, create one using ssh-keygen (stick to the default for the key, and skip the password if you feel like it). Then do sudo -s (or whatever your preferred method of becoming root is), and add an SSH key to /root/.ssh/authorized_keys:

cat /home/user/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
muru
  • 207,228
8

To me, works changing (Ubuntu 18.04):

  • sudo nano /etc/ssh/sshd_config
  • PermitRootLogin prohibit-password to PermitRootLogin yes
  • PasswordAuthentication no to PasswordAuthentication yes

then, restart ssh service:

  • sudo service ssh restart

Thanks!

Rildomar Lucena
  • 81
8

In some cases, after change,

PermitRootLogin yes

must check this config:

DenyUsers root
AllowUsers saeid

and to enable login must change to:

#DenyUsers root
AllowUsers root OtherUser
muru
  • 207,228
Saeid
  • 216
4

If u have not given password for root and you are trying to fire command on spark or haddop like ./sbin/stop-all.sh or./sbin/start-all.sh . If you don't have a root password, you can setup one using

sudo passwd

and fire commands.

D Nilesh
  • 171
2

Hackers will bang away with root user trying to brute force their way in. If you are going to allow root logins, you should definitely install Fail2Ban, or something similar to protect against brute force attacks. Also use a very hard to guess password without the use of common words.

And, as Vaindil pointed out, a key based login would be far superior. They are not very hard to setup. Here's a link to setup key-based login using PuTTY on windows: https://devops.profitbricks.com/tutorials/use-ssh-keys-with-putty-on-windows/ . But there are lots of others if you are using a different environment to login from.

mikekehrli
  • 121
1

I had a similar problem to this. I needed two PCs, one on Ubuntu and another on Arch, to sync files through Unison but ran into the same permission denied error. Just for the sake of those who are having the same problem as I was, here's what I did:

First: Installed the same version of Unison on both PCs. This was a bit challenging as the one available on the software center was behind to what was readily available for Arch. So, I couldn't find a higher version for Ubuntu, so I replaced the one on Arch with a lower one instead. Found one here: http://zdia.de/downloads/unison-2.40.102-linux-x86_64. The same version is in the software center for Ubuntu.

Second: Followed the steps from here: https://www.howtoforge.com/setting-up-unison-file-synchronization-between-two-servers-on-debian-squeeze (Note: Arch was my server 1 and Ubuntu was my server 2.)

I ran into a problem in step 3 as I tried to ssh-copy. But it was resolved by changing "id_dsa.pub" into "id_rsa.pub" in the "ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@192.168.0.101" line. Probably my fault, as I think I forgot to add "-t dsa". Anyway, try the original command first. IF you get an error, then change to rsa.

After following the steps above, I found I still couldn't get Unison to connect to the other server, neither can I log in (without Unison) through ssh to the other server. Finally,after hours of google searching, I was led to this page, and the answer given my Muru sealed the deal.

After applying it, I could now login via SSH to server 2.

So I ran Unison, and corrected the profile settings, and viola!

Tim
  • 33,500
Josh Buzz
  • 11
0

TL;DR and like to code in sed to circumvent permission denied in ssh

sed -i s/#\(PermitRootLogin*\).*/\1 yes/ /etc/ssh/sshd_config
Timo
  • 277
0

I faced similar issue with qemu login.
One of the issues could be that authorized_keys on the remote machine does not match with the host machine's key from where you are trying to login.

Copying the id_rsa.pub from host to authorized_keys of the remote PC should help.

zx485
  • 2,865
Nitesh Shetty
  • 1