CentOS access denied ???

Discussion in 'General' started by milauria, Mar 28, 2010.

  1. milauria

    Joined:
    Mar 27, 2010
    Messages:
    27
    Likes Received:
    0
    I have Elastix 1.6 installed and working fine; however, since today I can't access the CentOS command line via putty/ssh.

    I type root + password and get this "access denied" error; the password has not been changed by me for sure.
    Elastix is ok, I can get in/out with no issues at all, but CentOS ... no!

    It already happened once with no apparent reason but I had to reinstall anyway and I thought it was me doing something wrong, but today it just happened again and it is quite annoying.

    Anything I can do? Any guidance on how to log in again? Thanks a lot!
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Can you access the box from the "console" (the "physical machine")? If you can't, you have likely been compromised; if you can, then "it's save-able"; if you can't, then consider the box screwed and go back to your "oh-shit backup" scenario. If you don't have one, then you have only yourself to blame :)

    p.s.

    Do NOT allow root access in ssh and change the port it's running on; use very strong passwords. Install fail2ban and rkhunter or their like and visit the security forum. And anybody who disagrees with or has not implemented these basic changes should examine their /var/log/secure* files; I guarantee they will be effing "gob-smacked"!!

    dicko
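
An added example, not part of dicko's post: one way to do the /var/log/secure check the post recommends, counting failed sshd password attempts per source address and flagging any accepted root login from an address that had failed earlier. The log lines are constructed samples using documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample in the sshd syslog
# format found in /var/log/secure; host name, PIDs and addresses are made up.
sample_secure_log() {
cat <<'EOF'
Mar 28 03:12:41 pbx sshd[2201]: Failed password for root from 192.0.2.10 port 51230 ssh2
Mar 28 03:12:44 pbx sshd[2203]: Failed password for invalid user admin from 192.0.2.10 port 51236 ssh2
Mar 28 03:12:47 pbx sshd[2205]: Failed password for root from 192.0.2.10 port 51241 ssh2
Mar 28 03:13:02 pbx sshd[2209]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Mar 28 03:13:05 pbx sshd[2211]: Failed password for root from 198.51.100.7 port 40029 ssh2
Mar 28 03:13:09 pbx sshd[2214]: Failed password for root from 192.0.2.10 port 51250 ssh2
Mar 28 03:13:12 pbx sshd[2216]: Accepted password for root from 192.0.2.10 port 51255 ssh2
Mar 28 09:30:00 pbx sshd[3120]: Accepted password for root from 203.0.113.5 port 50111 ssh2
EOF
}

# Prints "count address" for failed password attempts, busiest source first.
# The address is always the 4th field from the end, whatever the user name is.
failed_by_source() {
  awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" { n[$(NF-3)]++ }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Prints "address failures" for each accepted root password login that came from
# an address with earlier failures in the same log (the pattern of a guessed password).
root_login_after_failures() {
  awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" { n[$(NF-3)]++ }
       /sshd\[[0-9]+\]: Accepted password for root from / {
         ip = $(NF-3); if (n[ip] > 0) print ip, n[ip]
       }'
}

sample_secure_log | failed_by_source
sample_secure_log | root_login_after_failures
# On a real host, as root, include the rotated files too:
#   cat /var/log/secure* | failed_by_source
```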
     
  3. milauria

    Joined:
    Mar 27, 2010
    Messages:
    27
    Likes Received:
    0
    No success even via console and I had to reinstall from scratch... lesson learnt and set a more secure password.

    Following your advice I have now created a new user with the "useradd" command, but now I log in with this and can't run "Asterisk -r" as it does not seem to find the executable anymore. Am I missing some steps to configure a secondary user to access via ssh? Thanks
     
  4. tucomp

    Joined:
    Mar 31, 2010
    Messages:
    2
    Likes Received:
    0
    Dicko,
    I am in the same boat. Would a power outage have caused the root pw to change? I am in a tight spot. All pw's have changed: pbxlogin, web, etc. Boots to console, can ping, phones are green, but 'no worky'! I have a backup of the config only and am a total newbie. Please help! I tried your append single fix, but I need further instructions, since after I 'append' (as in add that to the end of the kernel line), I get no prompts.
    Any assistance would be greatly appreciated!
    Salud,
    Rafa in OC, CA
     
  5. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    No, a power outage can't do that. If you had a "dictionary" root password (a word) then also consider the machine compromised.

    Sorry but I suggest you rebuild your machine from scratch and restore the config.

    dicko
     
  6. Kalama Sutra

    Joined:
    Apr 15, 2009
    Messages:
    95
    Likes Received:
    0
    So I'd best not use a Klingon dictionary, either .... :woohoo:

    Unless of course, I've a Klingon keyboard input device.

    I just couldn't help myself, Dicko.


    For the rest of you fellows ... I Do Feel Your PAIN ... :blush:
     
  7. tucomp

    Joined:
    Mar 31, 2010
    Messages:
    2
    Likes Received:
    0
    thanks for responding... lesson learned.
     
  8. milauria

    Joined:
    Mar 27, 2010
    Messages:
    27
    Likes Received:
    0
    I have added a new non-root user for safety reasons. I log in but then I can't run Asterisk CLI .... system says command not recognized http://www.elastix.org/components/com_f ... s/ermm.png

    Should I take any action to configure a CentOS user to manage asterisk CLI and avoid using root user with ssh sessions? Thanks
     
  9. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    The trick is to edit /etc/ssh/sshd.config to change the line

    Port NNNN (from 22 to something else (above 1024, but that's another story) because the drive-by's on 22 are just effing annoying)

    change the line to:

    PermitRootLogin no


    service sshd restart

    to make it take effect.

    You then log in to ssh with your non-privileged account, and then you can "Switch user" to root

    su -

    it will ask for your root password and "bingo" (non privileged accounts for obvious reasons don't have access to asterisk)

    you can also do the sudoers thing but that's another story :)

    dicko


    p.s.
    Do this from the local console to start off with, because if you screw it up, you will have to get in your car and go fix it. :) :)
    It's also preferable to use "keys" and disable password authentication, but that's also "another story"
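
An added example, not part of dicko's post: a small audit of the settings the post changes, run against the sshd configuration file (on CentOS that is /etc/ssh/sshd_config). The function names and the two sample files are constructed for illustration, and Port 2222 is an arbitrary sample value.

```shell
#!/bin/sh
# Added example. sshd takes the FIRST occurrence of a keyword, keywords are
# case-insensitive, '#' lines are comments, and anything after a "Match" line
# is conditional, so only the global section is read here.
sshd_setting() {                       # usage: sshd_setting KEYWORD FILE
  awk -v want="$1" '
    BEGIN { want = tolower(want) }
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == want { print $2; found = 1; exit }
    END { if (!found) print "unset" }' "$2"
}

# One finding per line; returns 1 if root login over ssh is not disabled.
audit_sshd_config() {
  root=$(sshd_setting PermitRootLogin "$1")
  port=$(sshd_setting Port "$1")
  pass=$(sshd_setting PasswordAuthentication "$1")
  if [ "$port" = unset ]; then port=22; fi      # 22 is the sshd default
  if [ "$port" = 22 ]; then echo "NOTE port 22: expect constant drive-by attempts"; fi
  if [ "$pass" != no ]; then echo "NOTE password logins enabled: keys are preferable"; fi
  if [ "$root" = no ]; then echo "OK   PermitRootLogin no"; return 0; fi
  echo "WEAK PermitRootLogin $root: root login over ssh is not disabled"; return 1
}

# Constructed samples: "before" has its only global PermitRootLogin commented out
# (a Match-scoped one does not count); "after" is edited as the post describes,
# with a stray later duplicate that sshd ignores.
write_samples() {                      # usage: write_samples DIR
  printf '%s\n' '#Port 22' '#PermitRootLogin no' 'PasswordAuthentication yes' \
    'Match User backup' '  PermitRootLogin no' > "$1/before"
  printf '%s\n' 'Port 2222' 'permitrootlogin no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$1/after"
}

d=$(mktemp -d) && write_samples "$d"
for f in before after; do echo "== $f"; audit_sshd_config "$d/$f" || true; done
rm -rf "$d"
# On a real host: audit_sshd_config /etc/ssh/sshd_config, then run `sshd -t`
# to syntax-check the file before `service sshd restart`.
```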
     
  10. rafael

    Joined:
    May 14, 2007
    Messages:
    1,454
    Likes Received:
    1
    SSH public/private key authentication would make your installation much more secure than password. This link may help you:
    http://sial.org/howto/openssh/publickey-auth/

    Changing the port would help, but it does not mean you are secure. Remember security by obscurity is not security. It would stop the lazy crackers, but not the dangerous ones.

    Not permitting root login would really help a lot.

    And backup, always backup ;).

    Regards,

    rafael
     
