CKB:SSH Root Access Restriction openSUSE Leap 16.0: Unterschied zwischen den Versionen

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche
K (Remove duplicate line)
K (Changing reference to problem statement.)
 
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 1: Zeile 1:
==Applies To==
==Applies To==
OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0
OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0.


==Problem==
==Problem==
After upgrading to openSUSE Leap 16.0, SSH root login with a password no longer works. Customers who previously accessed their systems remotely as root via password authentication will be locked out after the upgrade.
After upgrading to openSUSE Leap 16.0, SSH root login with a password no longer works. Customers who previously accessed their systems remotely as root via password authentication will be locked out after the upgrade.
'''Reference:''' [https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/16.0/html/release-notes-leap-160/index.html#jsc-PED-4965 openSUSE Leap 16.0 Release Notes – JSC-PED-4965]


==Cause==
==Cause==
Zeile 28: Zeile 30:
## <code>usermod -a -G wheel testuser</code>
## <code>usermod -a -G wheel testuser</code>
# Verify the user can log in via SSH and run <code>sudo</code> commands before upgrading.
# Verify the user can log in via SSH and run <code>sudo</code> commands before upgrading.
'''Reference:''' [https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/16.0/html/release-notes-leap-160/index.html#jsc-PED-4965 openSUSE Leap 16.0 Release Notes – JSC-PED-4965]

Aktuelle Version vom 19. Februar 2026, 15:45 Uhr

Applies To

OpenSUSE upgrade performing from version Leap 15.6 to Leap 16.0.

Problem

After upgrading to openSUSE Leap 16.0, SSH root login with a password no longer works. Customers who previously accessed their systems remotely as root via password authentication will be locked out after the upgrade.

Reference: openSUSE Leap 16.0 Release Notes – JSC-PED-4965

Cause

openSUSE Leap 16.0 disables password-based SSH root login by default, in line with modern Linux security standards. This change reduces the risk of brute-force attacks targeting the root account.

Solution/Workaround

One of the following must be configured before performing the upgrade:

Option 1 — SSH Key Authentication for Root (Recommended) Replace password login with key-based authentication for the root user.

  1. On the client machine, generate an SSH key pair (if not already available):
    1. ssh-keygen -t ed25519
  2. Copy the public key to the target server:
    1. ssh-copy-id root@<server-ip>
  3. Verify key-based login works before upgrading:
    1. ssh root@<server-ip>

Option 2 — Create a Non-Root User with sudo Privileges Use a non-root account for remote access post-upgrade.

  1. Create a new user:
    1. useradd -m -s /bin/bash -c "Test User" testuser
    2. sudo passwd testuser
  2. Grant sudo privileges:
    1. usermod -a -G wheel testuser
  3. Verify the user can log in via SSH and run sudo commands before upgrading.
Abgerufen von „https://documentation.cryptshare.com/w/index.php?title=CKB:SSH_Root_Access_Restriction_openSUSE_Leap_16.0&oldid=54004