Hi, Try to set the pw for the root user again from the telnet login with
passwd and try to login afterwards with ssh. Also set PasswordAuthentication yes - allthough the default value should be yes. With kind regards, Peter Wagner On Sun, 16 Jun 2013 12:27:08 +0800 (CST) jinzhcheng <bjzhoug...@126.com> wrote: > Dear Sir > > > (1) > This my config file in attitude_adjustment about openssh-server: > CONFIG_DEFAULT_dropbear=y > # CONFIG_PACKAGE_dropbear is not set > # > # SSH > # > # CONFIG_PACKAGE_openssh-client is not set > # CONFIG_PACKAGE_openssh-client-utils is not set > CONFIG_PACKAGE_openssh-keygen=y > CONFIG_PACKAGE_openssh-moduli=y > CONFIG_PACKAGE_openssh-server=y > # CONFIG_PACKAGE_openssh-sftp-client is not set > # CONFIG_PACKAGE_openssh-sftp-server is not set > ---------------------------------------------------------------------------- > > > (2) > after telnet openwrt, I changed root passwd > and modify /etc/ssh/sshd_config: > > > Port 22 > #AddressFamily any > #ListenAddress 0.0.0.0 > #ListenAddress :: > > # The default requires explicit activation of protocol 1 > Protocol 2 > > # HostKey for protocol version 1 > #HostKey /etc/ssh/ssh_host_key > # HostKeys for protocol version 2 > HostKey /etc/ssh/ssh_host_rsa_key > HostKey /etc/ssh/ssh_host_dsa_key > #HostKey /etc/ssh/ssh_host_ecdsa_key > > # Lifetime and size of ephemeral version 1 server key > KeyRegenerationInterval 1h > ServerKeyBits 1024 > > # Logging > # obsoletes QuietMode and FascistLogging > SyslogFacility AUTH > LogLevel INFO > > # Authentication: > > LoginGraceTime 2m > PermitRootLogin yes > StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 > > RSAAuthentication yes > PubkeyAuthentication yes > > # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 > # but this is overridden so installations will only check .ssh/authorized_keys > #AuthorizedKeysFile .ssh/authorized_keys > > #AuthorizedPrincipalsFile none > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts > RhostsRSAAuthentication no > # similar for protocol version 2 > HostbasedAuthentication no > # Change to yes if you don't trust ~/.ssh/known_hosts for > # RhostsRSAAuthentication and HostbasedAuthentication > #IgnoreUserKnownHosts no > # Don't read the user's ~/.rhosts and ~/.shosts files > IgnoreRhosts yes > > # To disable tunneled clear text passwords, change to no here! > #PasswordAuthentication yes > PermitEmptyPasswords no > > # Change to no to disable s/key passwords > #ChallengeResponseAuthentication yes > > # Kerberos options > #KerberosAuthentication no > #KerberosOrLocalPasswd yes > #KerberosTicketCleanup yes > #KerberosGetAFSToken no > > # GSSAPI options > #GSSAPIAuthentication no > #GSSAPICleanupCredentials yes > > # Set this to 'yes' to enable PAM authentication, account processing, > # and session processing. If this is enabled, PAM authentication will > # be allowed through the ChallengeResponseAuthentication and > # PasswordAuthentication. Depending on your PAM configuration, > # PAM authentication via ChallengeResponseAuthentication may bypass > # the setting of "PermitRootLogin without-password". > # If you just want the PAM account and session checks to run without > # PAM authentication, then enable this but set PasswordAuthentication > # and ChallengeResponseAuthentication to 'no'. > #UsePAM yes > > #AllowAgentForwarding yes > #AllowTcpForwarding yes > #GatewayPorts no > #X11Forwarding no > #X11DisplayOffset 10 > #X11UseLocalhost yes > #PrintMotd yes > #PrintLastLog yes > TCPKeepAlive yes > #UseLogin no > UsePrivilegeSeparation sandbox # Default for new installations. > #PermitUserEnvironment no > #Compression delayed > #ClientAliveInterval 0 > #ClientAliveCountMax 3 > #UseDNS yes > #PidFile /var/run/sshd.pid > #MaxStartups 10 > #PermitTunnel no > #ChrootDirectory none > #VersionAddendum none > > # no default banner path > #Banner none > > # enable DSCP QoS values (per RFC-4594) > #IPQoS AF21 AF11 > > # override default of no subsystems > Subsystem sftp /usr/lib/sftp-server > > # Example of overriding settings on a per-user basis > #Match User anoncvs > # X11Forwarding no > # AllowTcpForwarding no > # ForceCommand cvs server > > > (3) > and restart sshd: > /etc/init.d/sshd restart > > > (4) > but when i try to login openwrt using ssh, it failed: > ssh root@192.168.22.1 > root@192.168.22.1's password: > Permission denied (publickey,password,keyboard-interactive). > > > (5) > and the log from logread: > Jan 1 00:15:42 OpenWrt auth.info sshd[1738]: User root password has expired > (root forced) > Jan 1 00:15:42 OpenWrt auth.info sshd[1738]: Failed password for root from > 192.168.22.178 port 41970 ssh2 > Jan 1 00:15:44 OpenWrt auth.info sshd[1738]: Failed password for root from > 192.168.22.178 port 41970 ssh2 > Jan 1 00:15:46 OpenWrt auth.info sshd[1738]: Failed password for root from > 192.168.22.178 port 41970 ssh2 > Jan 1 00:15:46 OpenWrt auth.info sshd[1738]: Connection closed by > 192.168.22.178 [preauth] > > > Any suggestion? thank you very much! _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
