Root SSH Login Not Working

January 5, 2015 15.3k views

I have a Ubuntu 14.04 system up and running. I created ssh keys on my Windows Desktop using Putty and pasted the public key into the authorized_keys file for my user account.

I am able to log into the user account using Putty and NotePad++ using the keys created on my Windows desktop. (Side note for others accessing using NotePad++, you have to convert your ssh key into Open SSH format in order for NotePad++ to work).

I added the same key into the /root/.ssh/authorized_keys file and then tried to access the server using the root account but I am getting an unauthorized access error message. It then asks for the root password but it doesn’t accept that password.

If I use the DO Web console interface I am able to login as root with the password I am using so I’m a bit confused what I’ve done wrong.

I’ve read a lot of the posts and tutorials so perhaps I’ve modified a file incorrectly along the way. Ultimately I want to allow only ssh key access but before I do that I need to at least get it working with the root account.

12 comments
  • When setting up ssh keys on your droplet did you update your ssh configuration to reflect:

    PermitRootLogin without-password
    

    To allow the root account to authenticate by key only? You mentioned going through several tutorials, I would recommend reviewing this one to ensure you’ve got everything configured correctly.

    by Etel Sverdlov
    SSH keys provide a more secure way of logging into a virtual private server with SSH than using a password alone. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, use, and upload an SSH Key Pair.
  • With Ubuntu, look in /var/log/auth.log to see the details of why your keys are being rejected. The procedure I would use is to login as root through the DO web console and do ‘tail -f /var/log/auth.log’ and then ssh from you windows as your non-root account and then with your root account. This way you can see the effects of when it works and when it does not.

    Hope that helps.

  • Yes, in my /etc/ssh/sshd_config file is that line and I have also restarted the ssh service a few times

  • There were two main types of failures I’ve seen where ssh works for one user and not for another. The first case is a corrupted authorizedkeys file for the failing account (it should be 1 public key per line, but the bad one had some garbage lines that probably was a result of a bad cut+paste). The other case was that the authorizedkeys had the wrong key, where the wrong key was either the private key (oops!) or the wrong version because the user had generated multiple keys.

    At this point just visually compare the keys in root’s authorized_keys with the one you generated from windows, and make sure your putty session for root is using the correct version. Good luck.

  • Is there any reason to not just copy the authorized_keys file from the working user into the /root/.ssh folder?

  • Show 7 more comments
2 Answers

What’s odd is that /var/log/auth.log is empty

There are 2 things that I did just now which allowed me to access the DO server using the root account with ssh keys.

  1. I have NO idea how but I noticed the actual /root directory had ownership by 5245:5245 instead of root:root. I checked all users and groups on the DO server and could not find a user or group with the 5245 name. I changed the /root directory to root:root (and recursively just to be sure).
  2. Just to be sure I also copied the /home/george/.ssh/authorizedkeys file to /root/.ssh/authorizedkeys
  3. Just to be sure again, I rebooted the DO machine.

Once I did that I was able to ssh in to the DO machine using the Ubuntu1, Ubuntu2, and Windows PC.

At least I won’t be laying in bed tonight trying to figure out what was going on but I still wonder why things were wrong!

  • I did a quick research if there’s a virus that changes root permission to that number. Good news is I didn’t find one. I hope you installed a rootkit scanner, just in case.

Have another answer? Share your knowledge.