[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sshd PermitRootLogin problem
- To: Brandon Mercer <nomercy_(_at_)_eutonian_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: sshd PermitRootLogin problem
- From: "Rolen, Mark E." <MERolen_(_at_)_apacmail_(_dot_)_com>
- Date: Tue, 2 Nov 2004 13:35:07 -0600
No, setting PermitRootLogin to "forced-commands-only" should allow root to
connect and run a command that is specified for the key in question, when
the command is configured in the options field of authorized_keys.
Or do you mean to tell me that PermitRootLogin without-password on my
machine means anyone can login as root? :P
From: Brandon Mercer [mailto:nomercy_(_at_)_eutonian_(_dot_)_com]
Sent: Tuesday, November 02, 2004 1:09 PM
Subject: Re: sshd PermitRootLogin problem
Ido Admon wrote:
> Hi list,
> In short:
> I set PermitRootLogin in /etc/ssh/sshd_config to
> 'forced-commands-only', as described in sshd_config(5), but when
> trying to log in (with public key auth), I'm asked for a password and
> not allowed in ("Permission denied, please try again.").
> If I comment this option (which defaults to 'PermitRootLogin yes') and
> HUP sshd then I'm let in without hassle (and without being asked for a
> password, i.e. the public key setup is ok)
> So, 'forced-commands-only' doesn't work for me.
> Invoking the client from another machine with or without a command
> argument, gives me the same result: password prompt and failed login
> (no, typing the right password doesn't let me in).
Duh, any time you set Permit Root Login to no it overrides the keys. If you
don't want root to login, then you'd better try a user account with those
Visit your host, monkey.org