ssh & local root login works with invalid password in Debian 9











I am trying to log in to a Debian 9 machine with the root username, locally and through ssh.
It logs in with any invalid password.
I want to access the machine with the correct password only.
Why does an invalid password for the root account work?
How do I fix it so correct password entry is required, locally and through ssh?

For ssh I allowed only the root user.
Interestingly, when I change UsePAM to no, it works with the correct root password.



ssh debug result:



OpenSSH_7.9p1 Debian-1, OpenSSL 1.1.1  11 Sep 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.56.101 [192.168.56.101] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u4
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to localhost:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: Trying private key: /root/.ssh/id_xmss
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
Authenticated to localhost ([localhost]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 2 clearing O_NONBLOCK
Connection to localhost closed.
Transferred: sent 2356, received 6188 bytes, in 7.3 seconds
Bytes per second: sent 321.4, received 844.0
debug1: Exit status 0









  • Please supply the debugging information for ssh -vvv root@yourhost when you are able to log in as root with any invalid password...
    – RubberStamp
    Nov 26 at 0:10

  • 2
    Look at your misconfigured pam files.
    – Ipor Sircer
    Nov 26 at 0:14

  • thanks, I have added debug result in the attached. @IporSircer you mean that for local login and what file I should look in pam.d folder?
    – ARH
    Nov 26 at 0:31

  • Do you have HostbasedAuthentication yes set in sshd_config ... along with /.rhosts set? ... and this is localhost to localhost, yes? So, basically an apparent privilege escalation, most likely due to misconfiguration...
    – RubberStamp
    Nov 26 at 1:02

  • 1
    I think Ipor Sircer meant the PAM configuration files: /etc/pam.d/sshd and any /etc/pam.d/common-* files included by it. I agree with him: it clearly looks like a PAM configuration error.
    – telcoM
    Nov 26 at 7:27

















linux debian login root pam






edited Nov 26 at 7:16 by fduff

asked Nov 26 at 0:02 by ARH












1 Answer
accepted










I solved it. PAM contains different files, and one of the files, common-auth, was misconfigured. There was deny status on any invalid login, so I changed it and the problem was solved.






answered Nov 29 at 11:09 by ARH
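The answer does not show the faulty common-auth, so the following is an added example, not code or configuration from the post: a small simulator that walks a PAM auth stack with a wrong password and reports whether access would still be granted. The sample files are constructed; the broken variant is only one way such a misconfiguration can look, and modules other than pam_unix, pam_deny and pam_permit are assumed to return ignore.

```python
import re

# Keyword controls and the bracket forms they stand for (pam.conf(5));
# new_authtok_reqd is omitted because this model never returns it.
KEYWORDS = {
    "required":   {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok", "default": "ignore"},
}
AUTH_LINE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# Constructed samples. STOCK follows the layout of Debian's default common-auth;
# BROKEN is the same file with the pam_deny.so line commented out.
STOCK = """\
auth  [success=1 default=ignore]  pam_unix.so nullok_secure
auth  requisite                   pam_deny.so
auth  required                    pam_permit.so
"""
BROKEN = STOCK.replace("auth  requisite", "# auth  requisite")
SSHD = "@include common-auth\naccount required pam_nologin.so\n"


def module_result(module, password_ok):
    """Model of what each module returns in the auth stack (assumption:
    modules other than these three are treated as returning PAM_IGNORE)."""
    name = module.rsplit("/", 1)[-1]
    if name == "pam_unix.so":
        return "success" if password_ok else "auth_err"
    return {"pam_deny.so": "auth_err", "pam_permit.so": "success"}.get(name, "ignore")


def parse_auth_stack(text, files=None):
    """Return [(actions, module)] for the auth lines; `files` maps the names
    used by @include (e.g. "common-auth") to their contents."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("@include"):
            stack += parse_auth_stack((files or {})[line.split()[1]], files)
            continue
        m = AUTH_LINE.match(line)
        if not m:
            continue  # blank line, comment, or another management group
        control, module = m.groups()
        if control.startswith("["):
            actions = dict(kv.split("=", 1) for kv in control[1:-1].split())
        elif control in KEYWORDS:
            actions = KEYWORDS[control]
        else:
            raise ValueError(f"control {control!r} is not modelled here")
        stack.append((actions, module))
    return stack


def authenticate(stack, password_ok):
    """Combine module results the way libpam does; True means access granted."""
    granted = failed = False
    skip = 0
    for actions, module in stack:
        if skip:
            skip -= 1
            continue
        result = module_result(module, password_ok)
        # A result with no explicit action uses "default"; without one it is "bad".
        action = actions.get(result, actions.get("default", "bad"))
        if action.isdigit():
            skip = int(action)            # jump over the next N modules
        elif action in ("ok", "done"):
            granted = granted or not failed
            if action == "done" and not failed:
                break
        elif action in ("bad", "die"):
            failed = True
            if action == "die":
                break
        elif action == "reset":
            granted = failed = False
    # With no module voting "ok", libpam refuses access even if nothing failed.
    return granted and not failed


def accepts_wrong_password(service_text, files=None):
    """True if the service's auth stack grants access when pam_unix fails."""
    return authenticate(parse_auth_stack(service_text, files), password_ok=False)


if __name__ == "__main__":
    for label, common in (("stock", STOCK), ("broken", BROKEN)):
        verdict = accepts_wrong_password(SSHD, {"common-auth": common})
        print(f"{label}: wrong password accepted = {verdict}")
```

In the broken sample the failed pam_unix result is ignored and pam_permit.so supplies the only vote, which is why every password is accepted through any service that includes common-auth.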



