3

I was just wondering if it is normal that in the Ubuntu 14 provided by my cloud hosting company,there is this configuration in the file /etc/ssh/sshd_config :

PermitRootLogin without-password

instead of

PermitRootLogin yes

Therefore, it means that you have to use the build in console to login the 1st time (I was unable to login via SSH but it worked using the built in console)

Is it normal or I'm missing something with a public/private key concept?

Simon Paquet
  • 143
  • 1
  • 5

1 Answers1

2

PermitRootLogin

Specifies whether root can log in using ssh(1). The argument must be “yes”, “without-password”, “forced-commands-only”, or “no”. The default is “yes”.

If this option is set to “without-password”, password authentication is disabled for root.

If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.

If this option is set to “no”, root is not allowed to log in.

The PermitRootLogin option only allows key-based authentication.

Key-Auth vs. Pass-Auth

It's perfectly normal for your cloud host to provide you a root-login password with Key-Auth enabled. Perhaps they are expecting you to login via serial console through their administration panel. You know what I'm talking about, right? Accessing a VTY from their server. Bouncing from the admin panel into your VM.

When you have access, generate SSH keys.

Community
  • 1
Tyler Maginnis
  • 1,425
  • 11
  • 12
  • Thanks for the answer. I saw this particular example, but it does not explain why they are using this method as a default method when re-imaging the server. They sent me an email with the new root password and asked me to login via ssh which was impossible at that time – Simon Paquet Oct 02 '14 at 20:50
  • I understand, but they would ask me in the email to login via their console. Therefore, they are asking me to login via ssh.... I think it might have been a mistake from their part. – Simon Paquet Oct 02 '14 at 21:10
  • I think that you are correct. Their Standard of Practice does not make sense. Successful I.T. is about doing the same thing the same way every time, especially in Managed Hosting Provider industry space. Out of curiosity, which host are you using? – Tyler Maginnis Oct 02 '14 at 21:17
  • I am with cloudatcost.com which is just a cheap test cloud environment. Thanks for your help though, I'll accept this question therefore.... – Simon Paquet Oct 02 '14 at 21:19