Can't SSH into Access Server Appliance latest build

Post Reply
joeyg2391
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 26, 2017 3:33 pm

Can't SSH into Access Server Appliance latest build

Post by joeyg2391 » Wed Jul 26, 2017 3:37 pm

Hello,
I'm running the latest Appliance on HyperV 2016 and everything is working great except that i cant access the OpenVPN Appliance remotely via SSH or Filezilla. I keep on getting access denied authentication failure. I'm trying to log in with the root password which i can use in the console. I'm trying to access the server to get the certificates i generated so i could install my own cert from my Windows CA. Any help will be greatly appreciated as I'm a newbie on this.

Thanks

novaflash
OpenVPN Expert
Posts: 441
Joined: Fri Apr 13, 2012 8:43 pm

Re: Can't SSH into Access Server Appliance latest build

Post by novaflash » Wed Jul 26, 2017 3:52 pm

Yeah that's something that's fairly 'new'. The root account is not allowed to log on through SSH directly. Instead you have to use a normal user account to log on through SSH, and then 'sudo up' to get root privileges.

If you don't like this, you can adjust the SSH service settings to allow the root user to log on directly through SSH, but this is generally discouraged. The reason being that the 'root' account name is known and the same on all Linux systems. But your 'normal' user account is unique and not a known quantity yet. Given that access to the server is possible with username+password, knowing half of this already by allowing the 'root' account to log on, lowers security somewhat.

There are interesting debates about this. In any case, if you want to allow direct SSH log on with 'root' account, edit the file /etc/ssh/sshd_config and adjust the line that starts with "PermitRootLogin" to look like "PermitRootLogin yes" and save and close the file and restart the 'ssh' service; service ssh restart. That's it. Good luck.

joeyg2391
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 26, 2017 3:33 pm

Re: Can't SSH into Access Server Appliance latest build

Post by joeyg2391 » Wed Jul 26, 2017 3:58 pm

good to know. I'm using radius for authentication so does that mean i need to create another local admin account and not try to login in with a radius account? i was entering root@vpnipaddress for username.

novaflash
OpenVPN Expert
Posts: 441
Joined: Fri Apr 13, 2012 8:43 pm

Re: Can't SSH into Access Server Appliance latest build

Post by novaflash » Wed Jul 26, 2017 4:37 pm

Hey, if you change the way Linux authenticates system accounts, that's on you. But if you meant you configured RADIUS authentication in OpenVPN Access Server, that has no bearing whatsoever on system accounts.

But normally you just use a normal account yeah, and give it sudo rights. You can find loads of guides on the Internet on how to do that.

joeyg2391
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 26, 2017 3:33 pm

Re: Can't SSH into Access Server Appliance latest build

Post by joeyg2391 » Wed Jul 26, 2017 5:44 pm

Thanks! I rather follow best practices so going to try and figure out how to create system accounts on the Appliance.

TiTex
OpenVPN Expert
Posts: 231
Joined: Tue Apr 12, 2011 6:22 am

Re: Can't SSH into Access Server Appliance latest build

Post by TiTex » Wed Jul 26, 2017 6:47 pm

i usually set 'PermitRootLogin without-password' in sshd_config , and use public/private key authentication , that way knowing that there's a root user doesn't matter since they can't login with a password
you can also set up firewall rules to limit access to ssh or even tcp wrappers (though seems like this got kind of deprecated over the years)

novaflash
OpenVPN Expert
Posts: 441
Joined: Fri Apr 13, 2012 8:43 pm

Re: Can't SSH into Access Server Appliance latest build

Post by novaflash » Wed Jul 26, 2017 6:49 pm

...and the discussions have reached us! Woohoo

TiTex
OpenVPN Expert
Posts: 231
Joined: Tue Apr 12, 2011 6:22 am

Re: Can't SSH into Access Server Appliance latest build

Post by TiTex » Wed Jul 26, 2017 7:08 pm

:D :roll: just my two cents

joeyg2391
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 26, 2017 3:33 pm

Re: Can't SSH into Access Server Appliance latest build

Post by joeyg2391 » Thu Jul 27, 2017 12:57 am

I'm all good. Thanks for the help!

Post Reply