Score:1

SSH will always authenticate as root

vi flag
# ssh -l admin 10.1.0.2
Warning: Permanently added '10.1.0.2' (RSA) to the list of known hosts.
[email protected]'s password: 

Using "OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n" I want to connect to a remote host, but what ever I try, it always reverts the login to root. Configuration files has been renamed to ensure that no User option is being applied. The only hint I get is this line:

debug1: Authenticating to 10.1.0.2:22 as 'root'

-- EDIT --

To provide more information, here is a debug output up to the point where SSH decides to authenticate as root, though told not to do so.

xxxxxxx:~$ ssh -vvv -p4711 [email protected]
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n  15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug2: resolve_canonicalize: hostname xxx.xxx.xxx.xxx is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/xxx/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/xxx/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 4711.
debug1: Connection established.
debug1: identity file /home/xxx/.ssh/id_rsa type -1
debug1: identity file /home/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_dsa type -1
debug1: identity file /home/xxx/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/xxx/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/xxx/.ssh/id_ed25519 type -1
debug1: identity file /home/xxx/.ssh/id_ed25519-cert type -1
debug1: identity file /home/xxx/.ssh/id_ed25519_sk type -1
debug1: identity file /home/xxx/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/xxx/.ssh/id_xmss type -1
debug1: identity file /home/xxx/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5
debug1: match: OpenSSH_8.4p1 Debian-5 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxx.xxx.xxx.xxx:4711 as 'root'
debug3: put_host_port: [xxx.xxx.xxx.xxx]:4711
debug3: hostkeys_foreach: reading file "/home/xxx/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /home/xxx/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from [xxx.xxx.xxx.xxx]:4711
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim

As you can see, there are no configuration file options applied. What puzzles me most is, that on a different host using the same ssh client version, it works. I still think that I'm missing something fundamental. Any ideas?

Thanks.

diya avatar
la flag
That is indeed strange. Typically running the ssh client with `-v` and/or `-vv` debug flags will show which configuration files get applied and in what order, for example `debug1: Reading configuration data /etc/ssh/ssh_config` `debug1: /etc/ssh/ssh_config line 58: Applying options for ...` and debug1: `Reading configuration data /Users/diya/.ssh/config` - Does that list any particulars?
cybin avatar
vi flag
No. I've renamed the files that has been applied to test this, but it didn't solve the problem.
Martin avatar
kz flag
Hi, but one configuration file did get applied: `debug1: Reading configuration data /etc/ssh/ssh_config` - please check its content...
cybin avatar
vi flag
Usually, SSH says something like ```debug1: /etc/ssh/ssh_config line 21: Applying options for *``` if it applies an option. In the output it just reads the file, but doesn't seem to apply anything.
Score:1
vi flag

Sorry, for taking your time... I've found the cause of this behaviour:

alias ssh='ssh -l root -o "PreferredAuthentications publickey,password"'

Didn't know, that a package set this alias in /etc/bash.bashrc.

Kind regards...

Tilman Schmidt avatar
bd flag
Ouch. That's really bad. Which package was responsible for that?
cybin avatar
vi flag
Don't worry. It's in one of our companies package, which are not public.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.