I don’t think the network is badly configured. I think the reason I can’t get into the terminal whilst being able to log into the VNC is that every time I configure a server, one of the first things I do once the OS is installed is to create an ordinary user, give them shell access then ban root from logging in directly.
So root user can only become root user via the su command (or sudo but for configuring, sudo would need to allow longer logins - the risk being to forget to undo that once the configs are done). Any cracker would have to get into the machine first, not easy, and then find the root password. They would need the ordinary user’s private key to get in that way and, as the ordinary user has no permissions and is not a sudoer, then guess the root password. Yes, I know sudoers can be set up to use the target user’s password but that is superfluous to this discussion.
VNC, as I found out yesterday evening, overrides that setup and only allows root, and root only with root’s password.
gogalthorp yes, I agree. It shouldn’t. So my own logic is to suggest the problem, as you hint, lies in “something else going on”.
deano_ferrari, thanks for the link but that is exactly the same part of exactly the same document I have been using as reference.
So, I’m still thinking it is either
i) firewalld and as I reported in an earlier post I have no way of inspecting iptables or ip6tables at the moment (no, TSU, I wasn’t thinking of altering them on the command line just yet, just wanted to see what it is allowing and blocking), or
ii) resolv.conf is being ignored in which case I need to find out which file to amend to get it back into use. The resolv.conf settings are not showing up in yast - I’m not there with yast yet but picking it up as I go along. resolv.conf shows two G DNS server IPs. Why are they not showing in yast?
One other observation is why would a system suddenly allow root-only access? Has something in the overall user permissions been corrupted? I don’t know about that one. Maybe just another red herring, maybe an important item to explore.
That’s where I’m up to now, and ploughing through the YaST docs to see if I can figure my way through. I could be wrong about any of the conclusions I have reached above. Please say so if you suspect that.
Meanwhile, any more suggestions welcomed. I have to confess it is somewhat heartwarming to see so many people prepared to spend some time and lend a hand in trying to fix this problem. I really am grateful.