public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] root can't login on console, but can ssh...
@ 2007-07-17 22:46 Daevid Vincent
  0 siblings, 0 replies; 7+ messages in thread
From: Daevid Vincent @ 2007-07-17 22:46 UTC (permalink / raw
  To: gentoo-user

I have a LAMP development VMWare setup so that I can login as root sans
password. 

This was working fine until something recently changed that. 
It doesn't even prompt for the password, it just timesout after 60
seconds.

Oddly I can ssh in as root (without the password as expected).

I have my "daevid" account without password and that logs in fine on the
console and ssh.

I can circumvent this behaviour by logging in as 'daevid', then 'sudo su
-' (which doesn't prompt for pw either), but I'd like it to work the way
it did.

Perhaps it was some PAM thing? Or login.defs? Or in pam.d/ ?

LAMP pam.d # cat login 
#%PAM-1.0

auth       required     pam_securetty.so
auth       required     pam_tally.so file=/var/log/faillog onerr=succeed
no_magic_root
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       include      system-auth

account    required     pam_access.so
account    include      system-auth
account    required     pam_tally.so deny=0 file=/var/log/faillog
onerr=succeed no_magic_root

password   include      system-auth

session    required     pam_env.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so motd=/etc/motd
session    optional     pam_mail.so

# If you want to enable pam_console, uncomment the following line
# and read carefully README.pam_console in /usr/share/doc/pam*
#session    optional    pam_console.so

session    include      system-auth


LAMP ~ # cat /etc/securetty    
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
vc/0
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
vc/12
tty0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tts/0
ttyS0
 

ÐÆ5ÏÐ 


--
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 7+ messages in thread

* [gentoo-user] root can't login on console, but can ssh...
@ 2007-09-13 19:43 Daevid Vincent
  2007-09-13 20:07 ` Philip Webb
  2007-09-14 17:07 ` Mark Shields
  0 siblings, 2 replies; 7+ messages in thread
From: Daevid Vincent @ 2007-09-13 19:43 UTC (permalink / raw
  To: gentoo-user

I've posted this about two months ago without any replies. I've been
googling and trying things, but still can't get this to work like it used
to.

I simply want root to be able to login from console (tty[1-6]) or ssh
(pts/[0-9]) without a password. Currently ssh does work fine. It's only the
physical console that doesn't.

This WAS working perfectly, then PAM or some other ebuild "broke it" on me.

Just for sanity, I even assigned root a password, I now get a "Password"
prompt, but it STILL can't login. (positive I'm typing it right) It says
"Login incorrect".

-----Original Message-----
From: Daevid Vincent [mailto:daevid@daevid.com] 
Sent: Tuesday, July 17, 2007 3:47 PM
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] root can't login on console, but can ssh...

I have a LAMP development VMWare setup so that I can login as root sans
password. 

This was working fine until something recently changed that. 
It doesn't even prompt for the password, it just timesout after x
seconds.

Oddly I can ssh in as root (without the password as expected).

I have my "daevid" account without password and that logs in fine on the
console and ssh.

I can circumvent this behaviour by logging in as 'daevid', then 'sudo su
-' (which doesn't prompt for pw either), but I'd like it to work the way
it did.

Perhaps it was some PAM thing? Or login.defs? Or in pam.d/ ?

LAMP pam.d # cat login 
#%PAM-1.0

auth       required     pam_securetty.so
auth       required     pam_tally.so file=/var/log/faillog onerr=succeed
no_magic_root
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       include      system-auth

account    required     pam_access.so
account    include      system-auth
account    required     pam_tally.so deny=0 file=/var/log/faillog
onerr=succeed no_magic_root

password   include      system-auth

session    required     pam_env.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so motd=/etc/motd
session    optional     pam_mail.so

# If you want to enable pam_console, uncomment the following line
# and read carefully README.pam_console in /usr/share/doc/pam*
#session    optional    pam_console.so

session    include      system-auth


LAMP ~ # cat /etc/securetty    
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
console
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
vc/0
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
vc/12
tty0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tts/0
ttyS0
 

ÐÆ5ÏÐ 


-- 
gentoo-user@gentoo.org mailing list


--
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] root can't login on console, but can ssh...
  2007-09-13 19:43 [gentoo-user] root can't login on console, but can ssh Daevid Vincent
@ 2007-09-13 20:07 ` Philip Webb
  2007-09-14 11:54   ` Hans-Werner Hilse
  2007-09-14 17:07 ` Mark Shields
  1 sibling, 1 reply; 7+ messages in thread
From: Philip Webb @ 2007-09-13 20:07 UTC (permalink / raw
  To: gentoo-user

070913 Daevid Vincent wrote:
> I simply want root to be able to login from console (tty[1-6])
> or ssh (pts/[0-9]) without a password. Currently ssh does work fine.
> It's only the physical console that doesn't.

There is a provision somewhere to disallow root logins,
so that mb your problem rather than anything to do with passwords:
have a look in such places as  /etc/login*  &  /etc/security/* .
Just a quick suggestion in the absence of more informative help.

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : purslow@chass.utoronto.ca
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] root can't login on console, but can ssh...
  2007-09-13 20:07 ` Philip Webb
@ 2007-09-14 11:54   ` Hans-Werner Hilse
  0 siblings, 0 replies; 7+ messages in thread
From: Hans-Werner Hilse @ 2007-09-14 11:54 UTC (permalink / raw
  To: gentoo-user

Hi,

On Thu, 13 Sep 2007 16:07:02 -0400 Philip Webb <purslow@sympatico.ca>
wrote:

> 070913 Daevid Vincent wrote:
> > I simply want root to be able to login from console (tty[1-6])
> > or ssh (pts/[0-9]) without a password. Currently ssh does work fine.
> > It's only the physical console that doesn't.
> 
> There is a provision somewhere to disallow root logins,
> so that mb your problem rather than anything to do with passwords:
> have a look in such places as  /etc/login*  &  /etc/security/* .
> Just a quick suggestion in the absence of more informative help.

/etc/pam.d if using PAM. Special attention to the nullok option to
pam_unix. Also see the man page for pam_unix. Exceptionally stupid idea
to do this but since the OP insists... (Free tip: sudo is better in most
cases)

-hwh
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] root can't login on console, but can ssh...
  2007-09-13 19:43 [gentoo-user] root can't login on console, but can ssh Daevid Vincent
  2007-09-13 20:07 ` Philip Webb
@ 2007-09-14 17:07 ` Mark Shields
  2007-09-14 22:52   ` Daevid Vincent
  1 sibling, 1 reply; 7+ messages in thread
From: Mark Shields @ 2007-09-14 17:07 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 3346 bytes --]

On 9/13/07, Daevid Vincent <daevid@daevid.com> wrote:
>
> I've posted this about two months ago without any replies. I've been
> googling and trying things, but still can't get this to work like it used
> to.
>
> I simply want root to be able to login from console (tty[1-6]) or ssh
> (pts/[0-9]) without a password. Currently ssh does work fine. It's only
> the
> physical console that doesn't.
>
> This WAS working perfectly, then PAM or some other ebuild "broke it" on
> me.
>
> Just for sanity, I even assigned root a password, I now get a "Password"
> prompt, but it STILL can't login. (positive I'm typing it right) It says
> "Login incorrect".
>
> -----Original Message-----
> From: Daevid Vincent [mailto:daevid@daevid.com]
> Sent: Tuesday, July 17, 2007 3:47 PM
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] root can't login on console, but can ssh...
>
> I have a LAMP development VMWare setup so that I can login as root sans
> password.
>
> This was working fine until something recently changed that.
> It doesn't even prompt for the password, it just timesout after x
> seconds.
>
> Oddly I can ssh in as root (without the password as expected).
>
> I have my "daevid" account without password and that logs in fine on the
> console and ssh.
>
> I can circumvent this behaviour by logging in as 'daevid', then 'sudo su
> -' (which doesn't prompt for pw either), but I'd like it to work the way
> it did.
>
> Perhaps it was some PAM thing? Or login.defs? Or in pam.d/ ?
>
> LAMP pam.d # cat login
> #%PAM-1.0
>
> auth       required     pam_securetty.so
> auth       required     pam_tally.so file=/var/log/faillog onerr=succeed
> no_magic_root
> auth       required     pam_shells.so
> auth       required     pam_nologin.so
> auth       include      system-auth
>
> account    required     pam_access.so
> account    include      system-auth
> account    required     pam_tally.so deny=0 file=/var/log/faillog
> onerr=succeed no_magic_root
>
> password   include      system-auth
>
> session    required     pam_env.so
> session    optional     pam_lastlog.so
> session    optional     pam_motd.so motd=/etc/motd
> session    optional     pam_mail.so
>
> # If you want to enable pam_console, uncomment the following line
> # and read carefully README.pam_console in /usr/share/doc/pam*
> #session    optional    pam_console.so
>
> session    include      system-auth
>
>
> LAMP ~ # cat /etc/securetty
> # /etc/securetty: list of terminals on which root is allowed to login.
> # See securetty(5) and login(1).
> console
> pts/0
> pts/1
> pts/2
> pts/3
> pts/4
> pts/5
> pts/6
> pts/7
> pts/8
> vc/0
> vc/1
> vc/2
> vc/3
> vc/4
> vc/5
> vc/6
> vc/7
> vc/8
> vc/9
> vc/10
> vc/11
> vc/12
> tty0
> tty1
> tty2
> tty3
> tty4
> tty5
> tty6
> tty7
> tty8
> tty9
> tty10
> tty11
> tty12
> tts/0
> ttyS0
>
>
> ÐÆ5ÏÐ
>
>
> --
> gentoo-user@gentoo.org mailing list
>
>
> --
> gentoo-user@gentoo.org mailing list
>
>
Check out /etc/securetty (man securetty).  There should be at least one
uncommented entry listing 'tty1' if you want to be able to log in with just
the first virtual terminal, or if you want root to be allowed on all virtual
terminals, add tty1 through tty12.

-- 
- Mark Shields

[-- Attachment #2: Type: text/html, Size: 4640 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* RE: [gentoo-user] root can't login on console, but can ssh...
  2007-09-14 17:07 ` Mark Shields
@ 2007-09-14 22:52   ` Daevid Vincent
  2007-09-15  7:53     ` Mick
  0 siblings, 1 reply; 7+ messages in thread
From: Daevid Vincent @ 2007-09-14 22:52 UTC (permalink / raw
  To: gentoo-user; +Cc: 'Mark Shields'

[-- Attachment #1: Type: text/plain, Size: 3231 bytes --]

 


  _____  

From: Mark Shields [mailto:laebshade@gmail.com] 
Sent: Friday, September 14, 2007 10:07 AM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] root can't login on console, but can ssh...


On 9/13/07, Daevid Vincent <daevid@daevid.com> wrote: 


I've posted this about two months ago without any replies. I've been
googling and trying things, but still can't get this to work like it used
to.

I simply want root to be able to login from console (tty[1-6]) or ssh 
(pts/[0-9]) without a password. Currently ssh does work fine. It's only the
physical console that doesn't.

This WAS working perfectly, then PAM or some other ebuild "broke it" on me.

Just for sanity, I even assigned root a password, I now get a "Password"
prompt, but it STILL can't login. (positive I'm typing it right) It says
"Login incorrect".

-----Original Message----- 
From: Daevid Vincent [mailto:daevid@daevid.com]
Sent: Tuesday, July 17, 2007 3:47 PM
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] root can't login on console, but can ssh... 

I have a LAMP development VMWare setup so that I can login as root sans
password.

This was working fine until something recently changed that.
It doesn't even prompt for the password, it just timesout after x 
seconds.

Oddly I can ssh in as root (without the password as expected).

I have my "daevid" account without password and that logs in fine on the
console and ssh.

I can circumvent this behaviour by logging in as 'daevid', then 'sudo su 
-' (which doesn't prompt for pw either), but I'd like it to work the way
it did.

Perhaps it was some PAM thing? Or login.defs? Or in pam.d/ ?

LAMP pam.d # cat login
#%PAM-1.0

auth       required     pam_securetty.so 
auth       required     pam_tally.so file=/var/log/faillog onerr=succeed
no_magic_root
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       include      system-auth

account    required     pam_access.so
account    include      system-auth
account    required     pam_tally.so deny=0 file=/var/log/faillog
onerr=succeed no_magic_root

password   include      system-auth

session    required     pam_env.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so motd=/etc/motd
session    optional     pam_mail.so

# If you want to enable pam_console, uncomment the following line 
# and read carefully README.pam_console in /usr/share/doc/pam*
#session    optional    pam_console.so

session    include      system-auth

LAMP ~ # cat /etc/securetty
# /etc/securetty: list of terminals on which root is allowed to login. 
# See securetty(5) and login(1).
console
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
vc/0
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
vc/12
tty0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12
tts/0
ttyS0



Check out /etc/securetty (man securetty).  There should be at least one
uncommented entry listing 'tty1' if you want to be able to log in with just
the first virtual terminal, or if you want root to be allowed on all virtual
terminals, add tty1 through tty12. 

- Mark Shields   

Thanks Mark for the reply, however, don't I already have those set in
/etc/securetty (as shown above)??

[-- Attachment #2: Type: text/html, Size: 5961 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] root can't login on console, but can ssh...
  2007-09-14 22:52   ` Daevid Vincent
@ 2007-09-15  7:53     ` Mick
  0 siblings, 0 replies; 7+ messages in thread
From: Mick @ 2007-09-15  7:53 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1324 bytes --]

On Friday 14 September 2007, Daevid Vincent wrote:
>   _____
>
> From: Mark Shields [mailto:laebshade@gmail.com]
> Sent: Friday, September 14, 2007 10:07 AM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] root can't login on console, but can ssh...
>
>
> On 9/13/07, Daevid Vincent <daevid@daevid.com> wrote:
>
>
> I've posted this about two months ago without any replies. I've been
> googling and trying things, but still can't get this to work like it used
> to.
>
> I simply want root to be able to login from console (tty[1-6]) or ssh
> (pts/[0-9]) without a password. Currently ssh does work fine. It's only the
> physical console that doesn't.
[snip...]
>
> Check out /etc/securetty (man securetty).  There should be at least one
> uncommented entry listing 'tty1' if you want to be able to log in with just
> the first virtual terminal, or if you want root to be allowed on all
> virtual terminals, add tty1 through tty12.

> Thanks Mark for the reply, however, don't I already have those set in
> /etc/securetty (as shown above)??

I am not sure if pam will allow you to do what you want (perhaps it is a 
matter of setting it up accordingly, but haven't looked into it).  Have you 
tried removing pam to see if login without passwds can happen?
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2007-09-15  8:06 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-09-13 19:43 [gentoo-user] root can't login on console, but can ssh Daevid Vincent
2007-09-13 20:07 ` Philip Webb
2007-09-14 11:54   ` Hans-Werner Hilse
2007-09-14 17:07 ` Mark Shields
2007-09-14 22:52   ` Daevid Vincent
2007-09-15  7:53     ` Mick
  -- strict thread matches above, loose matches on Subject: below --
2007-07-17 22:46 Daevid Vincent

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox