Unable to log in via SSH

Discussion in 'General' started by schwim, Mar 27, 2018.

  1. schwim

    schwim Member

    Hi there everyone!
    I've got a site set up via ISPConfig 3.1.11. I've created a shell user but during attempt to log in via SSH, I get:
    My user's shell info can be found in these screenies:

    [​IMG]

    [​IMG]

    I don't see anything in the system log via ISPConfig concerning the failed login attempt. Could someone help me with what I need to do to be able to shell in and SU so I can work on the server?

    Thanks for your time!
     
  2. ahrasis

    ahrasis Active Member

    Did you open the port for ssh and/or portforward it (if you are on your own server / behind router)?
     
  3. schwim

    schwim Member

    Thanks for your help ahrasis!

    I'm probably wrong but if it were a fireawall issue, it would never make it to the password challenge, would it? It seems I connect, it asks for my password and once entered, it responds with "permission denied"

    If I enter an incorrect password enough times, fail2ban adds my IP to iptables and then it no longer connects until my ban expires.

    That's not acting like a connection issue, is it?
     
  4. ahrasis

    ahrasis Active Member

    Except may be for opening the port, that is not entirely true.

    If you try hacker@schwimserver.com, you might see the next line asking password for hacker@schwimserver.com and entering any words will result the same: "Permission denied, please try again.".

    This could mean that the port is opened (on the router) but not necessarily the right port for ssh for the server as it may be portforwarded especially if your server is behind a router.

    It is your server and other than the said question, you definitely know whether your username or password is incorrect, whether you typed while caps lock on/off and whether your sshd_config is set correctly.

    So, if I were you, if the above is fine, I would try to create a new user with other password or change the password via ISPConfig and see if the new one works.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Take a look into the auth.log filee in /var/log/ to see if you find the authentication attempts logged there.
     
  6. schwim

    schwim Member

    Is there a way to do this via ISPConfig? Since I can't shell in, I can't get to it via terminal and I can't see the auth log under 'Monitor" in ISPC.
     
  7. ahrasis

    ahrasis Active Member

    No. Unless you are not the owner of that server, you should have access to your server via ssh. The fact that you cannot ssh to your website via the created account that doesn't mean you cannot ssh to your server the way you did when setup your ISPConfig server at the first instance.
     
  8. Jesse Norell

    Jesse Norell Well-Known Member

    how did you install ISPConfig? That generally requires a root shell, which is exactly what you need to check auth.log and fix the ssh problem.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    And in case you have not set up that server yourself and you are not the administrator of that server, then you might want to ask the administrator of that server to help you as it might just be that he does not allow ssh logins to his server.
     
  10. schwim

    schwim Member

    Hi there everyone and thanks for your help!

    ISPC was installed during server rollout by the host. I had yet to SSH in on this server.

    I spoke to the host(Kimsufi) and figured out that the root user was allowed to shell in and I am successfully able to shell in with the root user. I can not, however, shell in with the shell users created in ISPConfig.

    What should I do next to try get those shell users to work?

    Thanks for your time!
     
  11. Jesse Norell

    Jesse Norell Well-Known Member

    Your screenshots are hard to read but look to have 'Chroot Shell' set to Jailkit - you will need to set that to None if you wish to su to root to work on the system. For any other purpose (ie. working on websites), using Jailkit is much more secure, as it restricts you to a limited environment for just that site.

    As mentioned above, check your auth.log to see what the problem is. If something is broken in your jailkit setup, perhaps that is why you can't login when set to Jailkit, which is worth fixing, but for your immediate purpose just change to None and see if you can login.
     

Share This Page