Cannot SSH into go daddy server

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
I'm going slowly mad. I cannot ssh into two godaddy servers. I'm trying with root (which is enabled) and also with individual user accounts which are in the wheel group and have full shell access. The root password and user passwords are being accepted in WHM no problem so I know they are good.

The faillog file just says NULL NULL etc

Godaddy's legendary support is as much use as a chocolate teapot they say they can login fine.

All I get is Access Denied ........

Any suggestions for diagnosis and fix appreciated !
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
As I said - neither user accounts or root are working. Root access is enabled in sshd.conf
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
password auth is enabled. I have tried ssh keys too. Ssh keys result in 'the server refused our key'
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello :)

Unfortunately, there is not much more you can check for without root access via SSH. You will need to consult with your hosting provider to have them check why "root" access via SSH is not working properly.

Thank you.
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
I do have some access via the configserver explorer plugin via WHM. Yes I am using putty, here's the log :

putty1.PNG
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
I found this in the secure log :

30 03:08:14 ip-XX-XX-XXX-XXX sshd[3864]: pam_unix(sshd:auth): auth could not identify password for [root]
Dec 30 03:08:14 ip-XX-XX-XXX-XXX sshd[3864]: error: ssh_msg_send: write

Also entries that suggest that my IP is listed in DenyUsers ? but I can still access WHM so it's my firewall ??
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
sshd

--

# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

#AFSTokenPassing no

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no

#X11Forwarding no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server

DenyUsers root
DenyGroups root
UseDNS no
ChallengeResponseAuthentication yes
PasswordAuthentication yes
UsePAM yes
secutetty :

--

console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11

Thanks

Paul
 

oldlock

Well-Known Member
Sep 19, 2008
76
0
56
OK. I commented out the deny users and deny groups entries and now I'm able to get it. The question I don't have an answer for is just when those entries slipped in ...
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
What precisely is deny users and deny groups? Please provide the file that was listing your IP.

Now, since I believe you might mean csf.deny file at /etc/csf location. If you do mean CSF did it, this wouldn't be a cPanel product but that of another company (ConfigServer Security & Firewall). For entries added to /etc/csf/csf.deny, CSF logs to /var/log/lfd.log for LFD brute force detection entries. You should be able to find your IP in that file or in the archive of it if the log has been archived:

Code:
grep IP# /var/log/lfd.log*
 

quietFinn

Well-Known Member
Feb 4, 2006
1,222
87
178
Finland
cPanel Access Level
Root Administrator
What precisely is deny users and deny groups? Please provide the file that was listing your IP.
There were these lines in his sshd_config file (post #11):
Code:
DenyUsers root
DenyGroups root
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
I see. Those lines are not part of the default /etc/ssh/sshd_config file, so someone would have had to manually add them.
 

Craig Buxton

Registered
Feb 8, 2012
1
0
51
cPanel Access Level
Root Administrator
GoDaddy's Virtual Dedicated server (and maybe some of there others) doesn't allow you to connect as "root". I kept getting "access denied." Instead of using root to connect via SSH, you must use cPanel to create another user, then add that user to the "manage wheel" so that the new user will have su access. Then connect using SSH client and new username.