After some months of not touching it, I wanted to log in to one of our virtual servers to update OpenSSL, because of the Heartbleed thing. The server is running Debian 7, sudo is not installed.

I tried three ways:

  1. `ssh root@server`, password is accepted and then:

    Could not chdir to home directory /home/root: No such file or directory
    Connection to server closed.

  2. Logging in as some other user and then `su - root`.

    No directory, logging in with HOME=/

    Then I am back to my usual shell, not logged in as root.

  3. Logging in as some other user and then `su root`. This gives nothing, I am simply back to the usual prompt, still logged in as the other user and not root.

I have no chance to manually restart the server before Monday. Is there anything I could try to do to get a root shell? Could the server be compromised, and how could I check that (without root access)? Thank you!

In all cases, when typing the wrong password the machine complains as usual.

`/root` does exist and `/etc/passwd` lists the correct directory. I have no idea why ssh believes differently.

This may be important: Checking `$?` after the unsuccessful `su` call gives me a 1, which is "System or authentication failure" according to the man page of `su`. How can I make it more verbose?


As requested below, the output of `ssh -v`:

    Last login: Fri Apr 11 17:47:46 2014 from some_client
    Could not chdir to home directory /home/root: No such file or directory
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug1: channel 0: free: client-session, nchannels 1
    Connection to server closed.
    Transferred: sent 3136, received 2448 bytes, in 0.0 seconds
    Bytes per second: sent 299688.7, received 233940.7
    debug1: Exit status 1

janoliver
  • Not an answer. But if your server is running Debian 7, it is highly likely that the `OpenSSL` version would be 0.X which does not have any issue. :) – Ramesh Apr 11 '14 at 15:55
  • It is `OpenSSL 1.0.1f` – janoliver Apr 11 '14 at 15:56
  • Oh ok. In that case, you need to fix it :) I would highly recommend you to follow the steps mentioned in @Gile's post :) http://unix.stackexchange.com/questions/123711/how-do-i-recover-from-the-heartbleed-bug-in-openssl – Ramesh Apr 11 '14 at 15:59

1 Answer

All the below contents are from here.

The error message implies that root's home directory is missing. You can recreate it with `mkdir /root`, but it'll be empty.

Normally, you should not log in directly as root. All direct root access should be disabled for remote logins and X sessions, although allowing root access from text-mode terminals can be a lifesaver when things go wrong. You should always log in as a real user and then use `su` or `su -` (and the root password, of course) to change to the root user.

However, in your case, `su` is not effective since you still do not have the `/root` directory.

After creating the `/root` directory, you will still have some default files missing.

The files you need are the default `.bash_profile` and `.bashrc`; these should be copied into `/root`. The leading `.` means the files are hidden, so you might have to do `ls -a` to see them.

EDIT

The actual issue turned out to be that, for the root user, the shell was set to `/bin/false`. This can be verified by issuing the command:

    getent passwd root

In this case, the output of the above command turned out to be:

    root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false

This can be changed if you have a sudo user; otherwise you should start the machine in single-user mode and edit the above setting.

Ramesh
  • Hi Ramesh, thank you for the answer. /root exists and is correctly listed in /etc/passwd. – janoliver Apr 11 '14 at 16:11
  • Maybe the root password has expired? – Ramesh Apr 11 '14 at 16:13
  • Providing the wrong password results in the usual error message. Also, I never set up any expiry, especially not for the root user. – janoliver Apr 11 '14 at 16:15
  • Can you provide the output of this command `ssh -v root@host`? – Ramesh Apr 11 '14 at 16:16
  • I added it to the question. – janoliver Apr 11 '14 at 16:20
  • What are the permissions on the `/` folder? It should be owned by root only. If you have `sudo` privileges for any user to issue the shutdown command, even if you are doing `ssh` to this machine, you can always issue `shutdown -r now` and try restarting the machine. – Ramesh Apr 11 '14 at 16:32
  • `drwxr-xr-x 26 root root 4096 Dec 18 17:52 /` – janoliver Apr 11 '14 at 16:34
  • Sorry, can you run this command and provide the output? `getent passwd root` – Ramesh Apr 11 '14 at 16:42
  • Ahh, this looks promising. `root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false` Right, this appears to be an LDAP issue, where another root user exists. How can I force su to use the local one? – janoliver Apr 11 '14 at 16:43
  • Do you have `vipw` enabled in your system? – Ramesh Apr 11 '14 at 16:47
  • it is installed, yes, but without sudo or su working I cannot use it. – janoliver Apr 11 '14 at 16:48
  • You have to log in as single user on the machine and edit the `/etc/passwd` file. Do you have a VNC server set up on these machines? – Ramesh Apr 11 '14 at 16:51
  • I don't, but our IT will be able to fix it now that the mistake is located. That will have to wait until Monday, though. Thank you very much for your help! I am glad it turned out to be something harmless. – janoliver Apr 11 '14 at 16:52
  • Glad that I could help :) – Ramesh Apr 11 '14 at 16:53
  • @janoliver With a shell of `/bin/false` you won't be able to log in. Use `su -s /bin/sh`. – Dubu Apr 12 '14 at 08:01
  • I of course tried that, but somehow it doesn't work. I guess that the system tries to authenticate me against the correct root account and then gets confused. I'll simply wait for our IT to fix it. – janoliver Apr 12 '14 at 08:49
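
The mismatch found in this thread, where `getent passwd root` returned a directory entry with `/home/root` and `/bin/false` while `/etc/passwd` held the correct one, can be checked for every local account without root access. The script below is an added example, not part of the original posts; the function names, the local root shell `/bin/bash` and the `daemon` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report local accounts whose name-service lookup result
# differs from the entry in the local passwd file. Needs no root privileges.
#
# Live use (getent accepts several keys at once):
#   getent passwd $(cut -d: -f1 /etc/passwd) > resolved.txt
#   shadowed_accounts /etc/passwd resolved.txt

# shadowed_accounts LOCAL_FILE RESOLVED_FILE
#   LOCAL_FILE     passwd-format file (normally /etc/passwd)
#   RESOLVED_FILE  passwd-format lines returned by getent for the same names
# Prints one line per account whose UID, home or shell differs.
shadowed_accounts() {
    awk -F: '
        # First file: remember the local view of each account.
        NR == FNR { uid[$1] = $3; home[$1] = $6; shell[$1] = $7; next }
        # Second file: skip names that are not local, and any repeat of a
        # name (only the first resolved entry is the one logins will use).
        !($1 in uid) || seen[$1]++ { next }
        {
            diff = ""
            if ($3 != uid[$1])   diff = diff " uid:" uid[$1] "->" $3
            if ($6 != home[$1])  diff = diff " home:" home[$1] "->" $6
            if ($7 != shell[$1]) diff = diff " shell:" shell[$1] "->" $7
            if (diff != "") print $1 ":" diff
        }
    ' "$1" "$2"
}

# Demonstration on constructed input (no real system files are read).
demo() {
    d=$(mktemp -d) || return 1
    # Constructed local file; the root shell here is an assumption.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$d/local"
    # Resolved view: the root line is the getent output quoted in the answer.
    printf '%s\n' \
        'root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' > "$d/resolved"
    shadowed_accounts "$d/local" "$d/resolved"
    rm -rf "$d"
}

demo
```

Any line of output means logins for that account use an entry other than the local one; the lookup order that causes this is set on the `passwd:` line of `/etc/nsswitch.conf`, which is world-readable.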