Troubleshooting SSH Access

New to rockstor. Just did my first install on some new hardware. Setup my user account and password. Reading the docs, it seems that I should be able to SSH into the box. When I ssh to the box I get a prompt, but my password doesn’t work.

I added my public key (through the web gui), but still get the password prompt. Any suggestions?

Welcome to Rockstor community @nfarrar!

ssh login access is restricted to root user only. With your setup you should be able to sftp as your user. But not ssh login.

@nfarrar Since @suman just beat me to it I’ll just add “root@rockstor-ip”.

I don’t remember setting a root password during the install - just the password for my user account. When I attempt to ssh to the box as the root user - none of the passwords I ‘might have used if I forgot’ work. No idea what it is. Also, when I check the users, the root user exists, but no shell is set.

Also, these docs say that any ‘admin’ user has ssh access: Sounds like that’s incorrect?

root password is required for installation to proceed, but it’s not uncommon for us to forget the password :smile: Here’s the howto to reset the root password. That should help you regain root access to your Rockstor system.

Thanks for pointing out the outdated blog post, I’ve updated the post to reflect the current status.

Old thread - sorry, haven’t worked on this for awhile. I ended up getting root access back.
So - I’m in, but a couple other questions about the ssh configuration.

First - why is ssh access restricted to root? Are there specific reasons? In most circumstances, I prefer to disallow root logins (and password logins) and restrict specific users to key authentication only, with privilege escalation via sudo required with command logging. Generally, this is consistent with best security practices.

That being said - I didn’t find any documentation on why this is the way it is, or if I’ll break things (I’d rather not) by modifying this setup. Looking at /etc/ssh/sshd_config - I see:

#PermitRootLogin yes
#PubkeyAuthentication yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers root

I’d like to change this to something more like:

PermitRootLogin no
PubkeyAuthentication yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
AllowUsers nfarrar

But I have no idea what this might break. Suggestions?

this will not break anything, this will actually do just what you want , my reccomendation is do the following

sudo vi /etc/ssh/sshd_config

edit line
AllowUsers root nfarrar

save and exit by pushing esc then :wq

then restart the ssh service

sudo systemctl restart sshd

you should now be able to ssh into the machine

to have sudo access with the nfarrar account

ssh as root then use

usermod -aG wheel nfarrar
usermod -aG root nfarrar

this will add the account as a root user