[SOLVED] Login issues with Proxmox VE 7

habitats-tech

habitats-tech

Member
Proxmox Subscriber
Jan 19, 2022
34
9
8
Dubai
portal.habitats.tech
We have ProxMox VE 7 licensed instance, working with no issues for 4 months. As of today we are unable to login through the web interface with "Login failed. Please try again" error. The password was never changed and our last login was end of Dec last year.

We cannot SSH as I think the root account is by default disabled (getting "Permission denied, please try again." error).

How can we overcome this issue as it is critical we access the server (we have several VMs running with no issues) but we want to install tailscale for remote access, plus update proxmox.
 
hi,

habitatstech said:
We cannot SSH as I think the root account is by default disabled (getting "Permission denied, please try again." error).
Click to expand...
no, the root account is not disabled by default.

habitatstech said:
As of today we are unable to login through the web interface with "Login failed. Please try again" error. The password was never changed and our last login was end of Dec last year.
Click to expand...
are you authenticating to Linux PAM realm or PVE realm? make sure you're using the correct credentials.

Username: root
Password: your password
Realm: Linux PAM standard authentication

please also try if you can log in as any other user.

EDIT: btw it's not "ProxMox VE" but "Proxmox VE" or "PVE" :)
 
  • Like
Reactions: Serhioromano
Linix PAM realm
 
we have not setup any additional users. This is a bare metal install of PVE with defaults.
 
This is stansalone bare-metal install not part of an HA solution.
 
No TFA enabled
 
if you really cannot SSH using your credentials anymore then maybe somebody changed the password or the server was compromised?

EDIT: or someone disabled the root account to make the server "more secure"...
 
Last edited:
not possible as it is running in an isolated environment
 
How can we overcome this issue?
 
habitatstech said:
How can we overcome this issue?
Click to expand...
if you or someone has physical access you can reset the password by booting into single user mode on your bootloader... otherwise i'm not sure what you could do without logging in :)

but if you don't remember changing the password (nor your colleagues) or disabling the root account etc. then i'd be really careful with that server... (if it looks like it's compromised from the logs, then just reinstall it)
 
Last edited:
OK will try that. Many thanks. Will let you know one way or another
 
OK problem solved. Thank you for the quick response.
 
  • Like
Reactions: oguz
Someone changed the password. Following this incident we are going to create security procedures even for isolated machines. We are growing and will add more PVE for both ourselves and clients. This is a learning machine instance for PVE.
 
habitatstech said:
Someone changed the password. Following this incident we are going to create security procedures even for isolated machines.
Click to expand...
yes makes sense.

some suggestions then:
* pick a long password for root@pam user, generated and complicated passwords work well (if it's possible do not share this password)
* enable 2FA for the GUI
* use the firewall to limit access from specific management hosts or subnets
* for other users you create, make sure you give them the least possible permissions.
* make sure the machines you're using to access the PVE host are also secured sufficiently (that depends on your environment so i won't go into that)

and also check the authentication logs on the host as a part of your incident response:
* /var/log/pveproxy/access.log
* /var/log/auth.log

you could do something like:
Code: 
$ grep 'access/ticket' /var/log/pveproxy/access.log
::ffff:192.168.X.Y - - [19/01/2022:11:38:45 +0100] "POST /api2/extjs/access/ticket HTTP/1.1" 200 697
the "access/ticket" endpoint is called when someone authenticates using the GUI.

Code: 
$ grep ssh /var/log/auth.log
...
Jan 19 10:40:56 pve sshd[712]: Server listening on :: port 22.
Jan 19 11:38:08 pve sshd[18340]: Accepted password for root from 192.168.X.Y port 43620 ssh2
Jan 19 11:38:08 pve sshd[18340]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Jan 19 11:38:22 pve sshd[18472]: Accepted password for root from 192.168.X.Y port 43622 ssh2
Jan 19 11:38:22 pve sshd[18472]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
Jan 19 11:38:23 pve sshd[18472]: Received disconnect from 192.168.X.Y port 43622:11: disconnected by user
Jan 19 11:38:23 pve sshd[18472]: Disconnected from user root 192.168.X.Y port 43622
Jan 19 11:38:23 pve sshd[18472]: pam_unix(sshd:session): session closed for user root
Jan 19 11:40:48 pve sshd[19197]: Accepted password for root from 192.168.X.Y port 43624 ssh2
Jan 19 11:40:48 pve sshd[19197]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
from there you could see the IP address of the login.

also auditd is useful for reviewing system events (needs to be installed beforehand)
 
Last edited:
Thank you Oguz. Very useful info.
 
  • Like
Reactions: oguz
Buenas...Tengo un problema similar, lo que pasa es que en ni bien instale el Proxmox en un servidor HPE ProLiant DL308 Gen10 (no pude realizar ninguna configuración posteriormente). Al parecer el teclado estaba desconfigurado con respecto a las teclas especiales lo cual digito mal la contraseña del usuario root, para lo cual encontré la solución de restaurarlo por medio de Grub, se logro cambiar la contraseña, pero no me permite el acceso a la interfaz web.

Alguna recomendacion.
Gracias.

Adjunto Video tutorial : https://www.youtube.com/watch?v=4s22pqfgu1c
 
oguz said:
are you authenticating to Linux PAM realm or PVE realm? make sure you're using the correct credentials.
Click to expand...

Thank you! This was my problem. I went to the effort of rebooting to change the root password, and still couldn't log in. Turns out it was the realm selection changing from Linux PAM to PVE, because I had just added a limited PVE account for auditing. I'm relieved my root password wasn't being randomly changed.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back