OpenSSH rejecting root password when trying to ssh using root@ip

Hey there,
I am currently trying to establish an ssh connection between two of my PCs. Both are running Manjaro 5.14.10-1 with openssh installed. My goal is to execute bash commands via ssh on the other machine without it asking me for a (root) password.

I created the Key Pair using:

ssh-keygen -t ed25519  -f ~/.ssh/my-file.ppk

And tried copying the public key to the other machine using:

ssh-copy-id -i ~/.ssh/my-file.ppk.pub root@ip_of_machine

As expected it asked me for the root password. But it always rejects the password:

ssh-copy-id -i ~/.ssh/my-file.ppk.pub root@ip_of_machine
root@ip_of_machine's password:
Permission denied, please try again.

Same happens when trying to just login via ssh to root@ip_of_machine.

I am sure I am using the correct password because it works when I use it for su on the other machine. My caps lock is off and I am certain I didn’t misspell it like 50 times xD.

I don’t really know how to troubleshoot this problem.
Hoping for smarter people than me :slight_smile:

Look at the following settings in /etc/ssh/sshd_config. :arrow_down:

#PermitRootLogin prohibit-password
PermitRootLogin no

Disclaimer: You should never ever allow for a root login over ssh ─ passwordless or otherwise. Never. ¹ Log in as a regular user and use su - or sudo.

¹ Did I mention “never”?


Hey thanks for your answer. I am currently not able to check whether this will solve my problem but it sounds like the cause.

Just another quick question: After enabling this option it will still ask for the root password, so that others will need the password and my machines can use the generated private and public key, won’t it?

If you want passwordless root logins, then you have to enable PermitRootLogin prohibit-password and set PermitRootLogin to yes. Also make sure that the following line in /etc/pam.d/sshd is commented out. :arrow_down:

auth      requisite  pam_securetty.so

It may say required in your version, but the line needs to be commented out in order to allow remote root logins.

For passwordless remote logins for unprivileged users via authentication keys, you have to set that up separately. See… :arrow_down:

man sshd_config

… for more information.
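
Added example, not part of either reply above: a small POSIX shell check that reads an sshd_config-style file and reports what its PermitRootLogin value means for root password and key logins, including the case where the keyword is set twice (sshd uses the first value it obtains). The function names and the sample files are constructed for illustration; the script assumes whitespace-separated "Keyword value" lines, looks only at the global section, and does not follow Include files.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: "Keyword value" lines,
# global section only (stops at the first Match block), Include not followed.

# Print the effective PermitRootLogin value of the config file given as $1.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out line: ignored
        tolower($1) == "match" { exit }           # Match blocks are out of scope
        tolower($1) == "permitrootlogin" {        # keyword is case-insensitive
            print $2; found = 1; exit             # first obtained value wins
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Translate a PermitRootLogin value into what root may do over ssh.
# "allowed" still depends on PasswordAuthentication / PubkeyAuthentication.
describe_root_login() {
    case "$1" in
        yes)                                echo "password=allowed key=allowed" ;;
        prohibit-password|without-password) echo "password=denied key=allowed" ;;
        forced-commands-only)               echo "password=denied key=forced-command-only" ;;
        no)                                 echo "password=denied key=denied" ;;
        *)                                  echo "unknown value: $1" ;;
    esac
}

root_login_policy() {
    describe_root_login "$(effective_permit_root_login "$1")"
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# The two lines quoted in the first reply: root is refused outright.
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' > "$demo_dir/as_posted"
# Both values uncommented: only the first line takes effect.
printf '%s\n' 'PermitRootLogin prohibit-password' 'PermitRootLogin yes' > "$demo_dir/both_set"
# Nothing set explicitly: the built-in default applies.
printf '%s\n' '#PermitRootLogin prohibit-password' > "$demo_dir/default_only"

for f in as_posted both_set default_only; do
    printf '%-13s %s\n' "$f" "$(root_login_policy "$demo_dir/$f")"
done
```

On a live host, running sshd -T as root prints the effective configuration as sshd itself computes it, Match blocks and Include files included.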

  • I have modified the guide to use a default Manjaro instance instead of the VPS example.

Copy the public keyfile to a non-root user with sudo privileges on the device.

Then connect as that user and copy the keyfile to the root location.

Security advice: Do not ever enable password login for the root user.

The ONLY possible exception is if it is something on your LAN - inaccessible from the internet. Even then - it is not advisable due to the possible vulnerability.

Also remember that repeatedly trying to log in with a password (brute force password guessing) will block the user in question and you do not want your root user locked out :slight_smile:


If you use an ssh-agent, you could unlock a key manually (please be sure to use a good passphrase for this key). The key is kept secure in memory by the agent.

Then after that you will not be asked for a password to start a script on pc1 that logs into pc2 and performs some task (as root). But this is only permitted after you log in and unlock the key on pc1.

Do NOT (never!) create a key without a passphrase!

:sunglasses:

If the task on pc2 can be done without being root, then this is the best way to go. The permission system of Linux has a lot of possibilities.
It may be possible to create a separate user which is only allowed to execute a special script as “admin” with sudo.
It is also possible to restrict the ssh-account of such a user, so it is only possible to execute a certain script.
