Elevation blocker: PermitRootLogin
AnsweredAbout to elevate customer's Centos 7 box to Almalinux 8.
Running:
/scripts/elevate-cpanel --check --upgrade-to=almalinux
Results:
[ERROR] OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".
This implies that if PermitRootPassword isn't set, default is prohibit-password, which is false as we know that the default is yes.
Man page:
Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, without-password, forced-commands-only, or no. The default is yes.
If this option is set to prohibit-password or without-password, password and keyboard-interactive authentication are disabled for root. If this option is set to forced-commands-only, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root. If this option is set to no, root is not allowed to log in.
We added
PermitRootLogin yes
to /etc/ssh/ssh_config and restarted sshd, but the elevate script is still throwing the exact same error indicating the option is NOT in the conf file.
We changed
PermitRootLogin prohibit-password
to /etc/ssh/ssh_config and restarted sshd, but the elevate script is still throwing the exact same error indicating the option is NOT in the conf file.
1. What is PermitRootLogin supposed to be set for? We don't want to get into a situation where customer can't log in to their server.
2. Why isn't the elevate script seeing the PermitRootLogin option in /etc/ssh/sshd_config?
3. How does this affect the terminal window in WHM?
UPDATE: And then we realized we were editing /etc/ssh/ssh_config instead of /etc/ssh/sshd_config and then it worked.
ok nevermind.
-
Hey there - I'm glad you were able to find that workaround!
0 -
workaround = reading comprehension
:-)
0 -
Hahahaahahaha
0
Please sign in to leave a comment.
Comments
3 comments