App server putty WINSCP log in

[teletechman]

I just turned up a App server R12 and am having issues logging into it with putty or winscp. They worked when I had it on the bench for pre-install but now with it installed, they don't work. I can log into the App server with them at the console but not with putty or winscp. This is happening with either Administrator or root both work at the console.
Any ideas?
Mike

 

[derfloh]

Become root and check the output of

systemctl status openssh-server
or
systemctl status sshd
(have no one to check the exact)

 

[teletechman]

Got this reply
Still no access via putty or winscp

 

[derfloh]

Sounds more like a routing issue then. Ping works?

 

[sizbut]

This is normal, has been for several years. During installation, the install scripts have set all sorts of security permissions on services and folders. And that includes setting SSH access using root as not permitted. If you really want it (why?), then through the console you need to do the following*. Do it at your own risk, remote root access is a hackers delight.

1. Login as root.
2. Open the /etc/ssh/sshd_config file in a text editor.
3. Set PermitRootLogin no to PermitRootLogin yes
4. Enter service sshd restart

[*Based on how it was in CentOS, may differ in Rocky Linux, haven't tested that.]

 

[budbyrd]

I thought they changed the ssh access in R12 to allow Winscp. I know it was enabled in R10 and disabled in R11. I wrote a complete faq with detailed step by step for allowing it (which unfortunately got lost in the site upgrade).

 

[teletechman]

When I try to edit the file this is what I get.
I don't see an option for PermitRootLogin.

 

[sizbut]

Just add it. Quick google on "rocky linux enable ssh root login" says that its no longer Avaya who turned it off by default. RHEL and similar Linux's don't support it by default and you need to add it in the # Authentication section in that file.

i.e. Add

# Authentication
PermitRootLogin yes

I suspect it need to go before the Match section which seems to be setting some permissions for Media Manager (witness).

 

[sizbut]

I thought they changed the ssh access in R12 to allow Winscp. I know it was enabled in R10 and disabled in R11. I wrote a complete faq with detailed step by step for allowing it (which unfortunately got lost in the site upgrade).

I think there were changes around supported ciphers needed because some SSH/SFTP apps wouldn't work for any access with any account, not just root.

 

[sizbut]

When I try to edit the file this is what I get.View attachment 432
I don't see an option for PermitRootLogin.

!? The section in your screenshot is at the very end of the ssh_config.txt file on the 12.0 Server Edition primary I just looked at, which has hordes of other settings before it including PermitRootLogin no. I can believe its different on an Application Server but not that different.

Was it an ISO install (physical server) or OVA install (virtual server)?

 

[teletechman]

Virtual Hyper-V install
It seems that the sshd_config file is missing or is not the default as I only see the lines shown, this is after I tried to add the permission with no luck.

 

[derfloh]

Nevertheless… Administrator acces has been available all the time. If this doesn’t work, there is another issue. PermitRootLogon will probably not help in this case.

 

[teletechman]

Is there a way to load the sshd_config default file that should be there or do I need to rebuild at this point?

 

[derfloh]

Yes and no… if you have one from another Server v12 you can try to replace it. But if this file is broken, you will never know if other files are corrupted as well.