Date: Mon, 2 Jan 2017 17:26:15 +0100
From: Polytropon <freebsd@edvax.de>
To: Ernie Luzar <luzar722@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: how to allow user toor login through ssh
Message-ID: <20170102172615.516dc912.freebsd@edvax.de>
In-Reply-To: <5869F77D.5050106@gmail.com>
References: <5869ADFB.6080000@gmail.com> <20170102024359.aa82ae3e.freebsd@edvax.de> <5869F77D.5050106@gmail.com>

On Mon, 02 Jan 2017 14:47:25 +0800, Ernie Luzar wrote:
> Polytropon wrote:
> > On Mon, 02 Jan 2017 09:33:47 +0800, Ernie Luzar wrote:
> >> how to allow user toor login through ssh?
> >
> > It should be sufficient to _enable_ the "toor" user by providing
> > him a login shell (use "chsh toor") and a password (use "passwd
> > toor"). An additional setting for sshd is not needed because
> > toor is treated as a regular user (not "root" which per default
> > cannot connect directly per SSH). If possible, check a local
> > login first to make sure everything works as intended. You
> > should then be able to connect via "ssh toor@foo.example.com".
> >
> >
>
> I did not delete toor and then recreate it.

There is no need to delete the toor user. Per default, it is
an inactive account because it lacks a password and a login
shell, so it cannot be used anyway.

> I just modified what was
> there in the base system with this script.
>
> #! /bin/sh
> pw moduser toor -d /root -s /bin/csh -h 0 << EOD
> j722
> EOD

That has the same effect as what I mentioned: The user is
now capable of interactive login.

> Using putty from remote location I connect to the host ok, but toor
> login fails with denied message. For user name I use toor ie; no
> @domain. Remote putty ssh does work using other account names only.

Check your PuTTY configuration, as well as the exact message
from sshd (and also take a look at /var/log/auth.log). It
might be possible that PuTTY somehow mangles the "user" part
of the commonly used "user@host" information. Make sure
everything works as intended at both sides of the connection.

> When pc is on the LAN can access ftp using toor. Never tested ssh toor
> from LAN.

If you wish to _disable_ FTP access for toor (because today
FTP is often considered a no-go), put "toor", along with
"root", at top of /etc/ftpusers; this file, even though it
suggests different, contains the account names of those who
cannot connect per FTP.

Remember FTP is bad from a security point of view because
password information is transmitted in plain text (which
might not be a problem locally or in a trusted network,
but should probably not be exhibited across the Internet).

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
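
The /etc/ftpusers advice in the message above, turned into a check. This is an added example, not part of the original e-mail: a shell function that lists UID-0 accounts in a passwd-format file that are not named in an ftpusers-format deny list. The function name `uid0_missing_from_ftpusers` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UID-0 accounts that an ftpusers-style deny list misses.
# On a live host: uid0_missing_from_ftpusers /etc/passwd /etc/ftpusers

uid0_missing_from_ftpusers() {
    passwd_file=$1
    ftpusers_file=$2
    awk -F: -v deny="$ftpusers_file" '
        # Deny list: drop comments and whitespace, remember each login name.
        # "@group" entries are skipped here, not expanded to their members.
        FILENAME == deny {
            line = $0
            sub(/#.*/, "", line)
            gsub(/[ \t]/, "", line)
            if (line != "" && substr(line, 1, 1) != "@") denied[line] = 1
            next
        }
        # passwd file: skip comment lines; field 1 is the name, field 3 the UID.
        /^#/ { next }
        $3 == 0 && !($1 in denied) { print $1 }
    ' "$ftpusers_file" "$passwd_file"
}

# Constructed sample files (not copied from any real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/passwd" <<'EOF'
# constructed sample in passwd(5) layout
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/bin/csh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
ernie:*:1001:1001:Sample user:/home/ernie:/bin/sh
EOF

cat > "$demo_dir/ftpusers" <<'EOF'
# constructed sample: root is denied, toor was never added
root
daemon   # trailing comment is ignored
@guest
EOF

# Prints every UID-0 login name that the deny list does not block.
uid0_missing_from_ftpusers "$demo_dir/passwd" "$demo_dir/ftpusers"
```

An empty result means every UID-0 name in the passwd file is listed by name in the deny list; an empty or missing-entry deny list reports each UID-0 account.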