starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-27 09:45:54 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[GH-ISSUE #357] After running the hardening script, we are unable to log in with the root user credentials #80

New issue
Closed
opened 2026-03-03 13:58:58 +03:00 by kerem · 8 comments
kerem commented 2026-03-03 13:58:58 +03:00
Owner
Copy link

Originally created by @rajualap on GitHub (Jan 5, 2024).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/357

Originally assigned to: @konstruktoid on GitHub.

{{ tools.context.actor }}: {{ tools.context.sha }}
After running the hardening script, we are unable to log in with the root user credentials and getting the below error

pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root
Jan 5 06:18:23 ip-10-21-16-65 sshd[212573]: Failed password for root from 127.0.0.1 port 46442 ssh2
Jan 5 06:18:23 ip-10-21-16-65 sshd[212573]: fatal: Timeout before authentication for 127.0.0.1 port 46442
Jan 5 06:28:21 ip-10-21-16-65 CRON[223825]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Jan 5 06:28:21 ip-10-21-16-65 CRON[223826]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)

After giving to correct password also not able to login @konstruktoid

How to fix it i need to allow root user login.? Please help here

Thanks
Raju Alapati

Originally created by @rajualap on GitHub (Jan 5, 2024). Original GitHub issue: https://github.com/konstruktoid/hardening/issues/357 Originally assigned to: @konstruktoid on GitHub. {{ tools.context.actor }}: {{ tools.context.sha }} After running the hardening script, we are unable to log in with the root user credentials and getting the below error **pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1 user=root Jan 5 06:18:23 ip-10-21-16-65 sshd[212573]: Failed password for root from 127.0.0.1 port 46442 ssh2 Jan 5 06:18:23 ip-10-21-16-65 sshd[212573]: fatal: Timeout before authentication for 127.0.0.1 port 46442 Jan 5 06:28:21 ip-10-21-16-65 CRON[223825]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0) Jan 5 06:28:21 ip-10-21-16-65 CRON[223826]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)** After giving to correct password also not able to login @konstruktoid How to fix it i need to allow root user login.? Please help here Thanks Raju Alapati
kerem closed this issue 2026-03-03 13:58:58 +03:00
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Jan 5, 2024):

Hi @rajualap
That's correct, the root user aren't allowed to login in using ssh: https://github.com/konstruktoid/hardening/blob/master/scripts%2Fsshdconfig#L40

<!-- gh-comment-id:1878213426 --> @konstruktoid commented on GitHub (Jan 5, 2024): Hi @rajualap That's correct, the root user aren't allowed to login in using ssh: https://github.com/konstruktoid/hardening/blob/master/scripts%2Fsshdconfig#L40
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@rajualap commented on GitHub (Jan 5, 2024):

Hi @rajualap That's correct, the root user aren't allowed to login in using ssh: https://github.com/konstruktoid/hardening/blob/master/scripts%2Fsshdconfig#L40

@konstruktoid , Already we have enabled "PermitRootLogin yes" in sshd config file after not able to login
egrep '^:blank:[^[:blank:]#]' /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/.conf
PermitRootLogin yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
AllowGroups analytics-team root ubuntu
AllowUsers analytics-team root ubuntu
root@ip-10-21-16-65:~#
How to allow root user login ?

<!-- gh-comment-id:1878220824 --> @rajualap commented on GitHub (Jan 5, 2024): > Hi @rajualap That's correct, the root user aren't allowed to login in using ssh: https://github.com/konstruktoid/hardening/blob/master/scripts%2Fsshdconfig#L40 @konstruktoid , Already we have enabled "PermitRootLogin yes" in sshd config file after not able to login egrep '^[[:blank:]]*[^[:blank:]#]' /etc/ssh/sshd_config Include /etc/ssh/sshd_config.d/*.conf PermitRootLogin yes PasswordAuthentication yes KbdInteractiveAuthentication no UsePAM yes X11Forwarding yes PrintMotd no AcceptEnv LANG LC_* AllowGroups analytics-team root ubuntu AllowUsers analytics-team root ubuntu root@ip-10-21-16-65:~# How to allow root user login ?
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Jan 5, 2024):

sshd[212573]: Failed password for root from 127.0.0.1

Correct password?

<!-- gh-comment-id:1878223016 --> @konstruktoid commented on GitHub (Jan 5, 2024): `sshd[212573]: Failed password for root from 127.0.0.1` Correct password?
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Jan 5, 2024):

But why login as root?
Instead of editing the script and configure files, why not login as a user and then elevate privileges?

<!-- gh-comment-id:1878223956 --> @konstruktoid commented on GitHub (Jan 5, 2024): But why login as root? Instead of editing the script and configure files, why not login as a user and then elevate privileges?
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@rajualap commented on GitHub (Jan 5, 2024):

@konstruktoid Yes correct password only using

this script create any impact on root user login "https://github.com/konstruktoid/hardening/blob/master/scripts/rootaccess"

<!-- gh-comment-id:1878224066 --> @rajualap commented on GitHub (Jan 5, 2024): @konstruktoid Yes correct password only using this script create any impact on root user login "https://github.com/konstruktoid/hardening/blob/master/scripts/rootaccess"
kerem commented 2026-03-03 13:58:59 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Jan 5, 2024):

yes, https://linux.die.net/man/5/access.conf

but still, why use the root user?

<!-- gh-comment-id:1878362139 --> @konstruktoid commented on GitHub (Jan 5, 2024): yes, https://linux.die.net/man/5/access.conf but still, why use the root user?
kerem commented 2026-03-03 13:59:00 +03:00
Author
Owner
Copy link

@rajualap commented on GitHub (Jan 5, 2024):

yes, https://linux.die.net/man/5/access.conf

but still, why use the root user?

@konstruktoid , As per policy we need root user login access also. How to enable root user login ? hep me @konstruktoid

Thanks

<!-- gh-comment-id:1878373099 --> @rajualap commented on GitHub (Jan 5, 2024): > yes, https://linux.die.net/man/5/access.conf > > but still, why use the root user? @konstruktoid , As per policy we need root user login access also. How to enable root user login ? hep me @konstruktoid Thanks
kerem commented 2026-03-03 13:59:00 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Jan 5, 2024):

Have you changed the ssh configuration and the security file?

What does the logs say?

<!-- gh-comment-id:1878377054 --> @konstruktoid commented on GitHub (Jan 5, 2024): Have you changed the ssh configuration and the security file? What does the logs say?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/github_actions/pozil/auto-assign-issue-3.0.0
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#80
No description provided.