Bug 1968233

Summary: Remote ssh login fail with "Permission denied"
Product: Red Hat Enterprise Linux 9 Reporter: yalzhang <yalzhang>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: fjin, jjelen
Target Milestone: betaKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-07 05:59:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yalzhang@redhat.com 2021-06-07 01:42:29 UTC 
Description of problem:
Remote ssh login fail with  "Permission denied"

Version-Release number of selected component (if applicable):
openssh-8.6p1-5.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1. After the OS successfully installed, remote ssh login the system, it will fail with permission denied:
 # ssh root.122.155
root.122.155's password:
Permission denied, please try again.
root.122.155's password:
Permission denied, please try again.
root.122.155's password:
root.122.155: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

2. After logging in the system locally or by the console, check the sshd setting:
[root@localhost ~]# grep PermitRoot  /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".
[root@localhost ~]# rpm -qf /etc/ssh/sshd_config
openssh-server-8.6p1-5.el9.x86_64
[root@localhost ~]# rpm -V openssh-server
[root@localhost ~]# echo $?
0

3. Update the configure file, and try remote ssh login:
[root@localhost ~]# echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
[root@localhost ~]# systemctl restart sshd
After this setting, we can login the system by ssh.

Actual results:
can not access the system by ssh

Expected results:
the ssh default setting should allow remote login

Additional info:
Comment 1 yalzhang@redhat.com 2021-06-07 05:59:02 UTC 
Check the man page, the default value is "prohibit-password", the result is as expected.
PermitRootLogin
     Specifies whether root can log in using ssh(1).  The argument must be yes, prohibit-password, forced-commands-only, or no. The default is prohibit-password.