Can't SSH into Access Server Appliance latest build
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Jul 26, 2017 3:33 pm
Can't SSH into Access Server Appliance latest build
Hello,
I'm running the latest Appliance on Hyper-V 2016 and everything is working great except that I can't access the OpenVPN Appliance remotely via SSH or FileZilla. I keep on getting access denied authentication failure. I'm trying to log in with the root password which I can use in the console. I'm trying to access the server to get the certificates I generated so I could install my own cert from my Windows CA. Any help will be greatly appreciated as I'm a newbie on this.
Thanks
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Can't SSH into Access Server Appliance latest build
Yeah that's something that's fairly 'new'. The root account is not allowed to log on through SSH directly. Instead you have to use a normal user account to log on through SSH, and then 'sudo up' to get root privileges.
If you don't like this, you can adjust the SSH service settings to allow the root user to log on directly through SSH, but this is generally discouraged. The reason being that the 'root' account name is known and the same on all Linux systems. But your 'normal' user account is unique and not a known quantity yet. Given that access to the server is possible with username+password, knowing half of this already by allowing the 'root' account to log on, lowers security somewhat.
There are interesting debates about this. In any case, if you want to allow direct SSH log on with 'root' account, edit the file /etc/ssh/sshd_config and adjust the line that starts with "PermitRootLogin" to look like "PermitRootLogin yes" and save and close the file and restart the 'ssh' service; service ssh restart. That's it. Good luck.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Jul 26, 2017 3:33 pm
Re: Can't SSH into Access Server Appliance latest build
Good to know. I'm using RADIUS for authentication, so does that mean I need to create another local admin account and not try to log in with a RADIUS account? I was entering root@vpnipaddress for username.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Can't SSH into Access Server Appliance latest build
Hey, if you change the way Linux authenticates system accounts, that's on you. But if you meant you configured RADIUS authentication in OpenVPN Access Server, that has no bearing whatsoever on system accounts.
But normally you just use a normal account yeah, and give it sudo rights. You can find loads of guides on the Internet on how to do that.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Jul 26, 2017 3:33 pm
Re: Can't SSH into Access Server Appliance latest build
Thanks! I'd rather follow best practices, so I'm going to try and figure out how to create system accounts on the Appliance.
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: Can't SSH into Access Server Appliance latest build
I usually set 'PermitRootLogin without-password' in sshd_config, and use public/private key authentication. That way, knowing that there's a root user doesn't matter since they can't log in with a password.
You can also set up firewall rules to limit access to SSH, or even TCP wrappers (though it seems like this got kind of deprecated over the years).
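The two PermitRootLogin settings mentioned in the posts above ('yes' and 'without-password') can be told apart by checking which value sshd would actually use. The script below is an added example, not part of the original thread and not OpenVPN's own tooling. The function names, the sample files and the fallback defaults (taken to be those of OpenSSH 7.0 or later) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads only the global section of one
# sshd_config-style file: Include files and Match blocks are not followed.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -F '[ \t=]+' -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }                   # drop leading indentation
        /^#/ || /^$/           { next }          # comments and blank lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key     { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# root_login_risk FILE: one word describing how root may log in over SSH.
# The fallback values are assumed defaults (OpenSSH 7.0 or later).
root_login_risk() {
    prl=$(effective_value "$1" PermitRootLogin prohibit-password)
    pwa=$(effective_value "$1" PasswordAuthentication yes)
    case "$prl" in
        no)                                 echo "root-disabled" ;;
        prohibit-password|without-password) echo "root-key-only" ;;
        forced-commands-only)               echo "root-forced-commands-only" ;;
        yes)
            # keyboard-interactive (PAM) may still accept a password in this state
            if [ "$pwa" = "no" ]; then echo "root-allowed-passwordauth-off"
            else echo "root-password-allowed"; fi ;;
        *)                                  echo "unknown:$prl" ;;
    esac
}

# Constructed sample files (not taken from a real appliance).
SAMPLES=$(mktemp -d) && trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '# constructed sample' 'permitrootlogin yes' \
    'PermitRootLogin no' > "$SAMPLES/root_yes"
printf '%s\n' 'PermitRootLogin without-password' \
    'PasswordAuthentication yes' > "$SAMPLES/key_only"
printf '%s\n' 'PasswordAuthentication no' 'Match User backup' \
    '    PermitRootLogin yes' > "$SAMPLES/match_only"

for f in root_yes key_only match_only; do
    printf '%-12s %s\n' "$f" "$(root_login_risk "$SAMPLES/$f")"
done
```

On a live host, running `sshd -T` as root prints the effective configuration, including defaults and included files, which this single-file check does not cover.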
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Can't SSH into Access Server Appliance latest build
...and the discussions have reached us! Woohoo
-
- OpenVPN Super User
- Posts: 310
- Joined: Tue Apr 12, 2011 6:22 am
Re: Can't SSH into Access Server Appliance latest build
Just my two cents.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Wed Jul 26, 2017 3:33 pm
Re: Can't SSH into Access Server Appliance latest build
I'm all good. Thanks for the help!