Re: sshd PermitRootLogin problem

["Rolen, Mark E." <MERolen_(_at_)_apacmail_(_dot_)_com>]

No, setting PermitRootLogin to "forced-commands-only" should allow root to
connect and run a command that is specified for the key in question, when
the command is configured in the options field of authorized_keys.

Or do you mean to tell me that PermitRootLogin without-password on my
machine means anyone can login as root?   :P

sshd(8).


 

-----Original Message-----
From: Brandon Mercer [mailto:nomercy_(_at_)_eutonian_(_dot_)_com] 
Sent: Tuesday, November 02, 2004 1:09 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: sshd PermitRootLogin problem

Ido Admon wrote:

> Hi list,
> In short:
> I set PermitRootLogin in /etc/ssh/sshd_config to 
> 'forced-commands-only', as described in sshd_config(5), but when 
> trying to log in (with public key auth), I'm asked for a password and 
> not allowed in ("Permission denied, please try again.").
> If I comment this option (which defaults to 'PermitRootLogin yes') and 
> HUP sshd then I'm let in without hassle (and without being asked for a 
> password, i.e. the public key setup is ok)
>
> So, 'forced-commands-only' doesn't work for me.
> Invoking the client from another machine with or without a command 
> argument, gives me the same result: password prompt and failed login 
> (no, typing the right password doesn't let me in).

Duh, any time you set Permit Root Login to no it overrides the keys.  If you
don't want root to login, then you'd better try a user account with those
keys. 
Brandon