C/C++教程

How to fix the problem that Raspberry Pi cannot use the root user for SSH login All In One

本文主要是介绍How to fix the problem that Raspberry Pi cannot use the root user for SSH login All In One,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

How to fix the problem that Raspberry Pi cannot use the root user for SSH login All In One

如何修复树莓派无法使用 root 用户进行 SSH 登录的问题

应用场景

修改树莓派默认的密码和用户名后,使用 root 用户 SSH 登录,对 pi/home 文件夹进行备份,复制到新用户下 xgqfrms/home

errors ❌

#  pi 用户切换到 root 用户
$ sudo su

# 设置 root 用户的密码
root@raspberrypi:/home/pi# passwd
新的 密码:
重新输入新的 密码:
passwd:已成功更新密码

# 退回到 pi 用户
root@raspberrypi:/home/pi# exit
exit

# pi 用户退出 SSH 登录
$ logout

# pi 用户 SSH 登录正常 ✅
$ ssh pi@raspberrypi.local

# 密码没有错误,但是 root 用户一直无法 SSH 登录 ❌
$ ssh root@raspberrypi.local
root@raspberrypi.local's password: 
Permission denied, please try again.
root@raspberrypi.local's password: 
Permission denied, please try again.
root@raspberrypi.local's password: 
root@raspberrypi.local: Permission denied (publickey,password).

image

solution ✅

  1. 要给 root 设置登录密码,默认 root 没有密码

  2. 要开启 root 的 SSH 登录权限,默认是不允许 root 进行 SSH 访问的

# 修改
$ sudo vim /etc/ssh/sshd_config

# 重启 sshd 服务
$ systemctl restart sshd
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
重新启动“ssh.service”需要认证。
Authenticating as: ,,, (pi)
Password: 
==== AUTHENTICATION COMPLETE ===

image

prohibit-password => yes

# Authentication:
# 临时打开 ⚠️
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

# Authentication:
+ # 临时打开 ⚠️
+ LoginGraceTime 2m
+ PermitRootLogin yes
+ StrictModes yes
- # LoginGraceTime 2m
- # PermitRootLogin prohibit-password
- # StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

demos

SSH & /etc/ssh/sshd_config

$ cat /etc/ssh/sshd_config

#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Include /etc/ssh/sshd_config.d/*.conf

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:
# 临时打开 ⚠️
LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes

#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem	sftp	/usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

(🐞 反爬虫测试!打击盗版⚠️)如果你看到这个信息, 说明这是一篇剽窃的文章,请访问 https://www.cnblogs.com/xgqfrms/ 查看原创文章!

passwd gnerator

/boot/userconf.txt

$ cat /boot/userconf.txt
pi:/4g6TptuTP5B6

# 密码生成器
$ openssl passwd -6
Password:
Verifying - Password:
$6$lamhqyRZlhl38Rzw$G2bIMwmYKnonpg1bLXFiZR233zjkXKzPb12mHD0dsRuWJvTl.be6uJmBl8pcWx2k6n2EeoORnjZawJDfcCATT/

https://www.raspberrypi.com/documentation/computers/configuration.html#configuring-a-user

refs

https://www.cnblogs.com/xgqfrms/p/17446689.html#5181665

©xgqfrms 2012-2021

www.cnblogs.com/xgqfrms 发布文章使用:只允许注册用户才可以访问!

原创文章,版权所有©️xgqfrms, 禁止转载 🈲️,侵权必究⚠️!

这篇关于How to fix the problem that Raspberry Pi cannot use the root user for SSH login All In One的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
您可能喜欢
栏目导航