Rakhesh Sasidharan wrote:

[snip]

Here's another oddity I encountered today.

If "PermitRootLogin" is set to "forced-commands-only", my understanding is the SSHD will permit root logins if a command to be executed is given. But that doesn't seem to be the case in practice! I have keys set up for root to login, but instead of letting me in with those keys, SSHD ignores them, passes me to PAM for password prompting (three times) and then denies me out! Very strange.

PermitRootLogin forced-commands-only

This requires that a command be present in the authorized_keys
file for a given key.  For example, root's authorized_keys
file might look like this for an rsync command:

command="/root/.ssh/cron/validate-rsync",from="10.10.10.2",no-port-forwarding,no-X11-forwarding,no-agent-forwarding
ssh-dss AAAAB3N_more_public_key_data comment

The entire text above should be only one line in the file.
The command shown in:

 command="/root/.ssh/cron/validate-rsync"

I.e. /root/.ssh/cron/validate-rsync

must be the command submitted on the ssh command line, loosely:

$ ssh -i private_key_matching_public_key_in_authorized_keys [EMAIL PROTECTED] \
 /root/.ssh/cron/validate-rsync

The root user cannot otherwise log in to the system using ssh
unless further keys with corresponding commands exist.

Vinny
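
An added example, not part of the original message or of OpenSSH: a small auditor that parses root's authorized_keys and reports which keys carry a command= option, since with PermitRootLogin forced-commands-only sshd accepts a root key only if it has one. The sample entries, the placeholder key data and the backup command are constructed for illustration.

```python
import re
# Key-type names that can begin an entry that has no options field.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)")

def parse_entry(line):
    """Split one authorized_keys line into (options dict, key fields)."""
    if KEY_TYPE.match(line):
        return {}, line.split()
    opts, buf, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 1      # escaped quote inside a value
        elif ch == '"':
            quoted = not quoted            # quotes delimit, they are not data
        elif not quoted and ch in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value     # option names are case-insensitive
            buf = ""
            if ch != ",":
                break                      # unquoted whitespace ends the options
        else:
            buf += ch
        i += 1
    return opts, line[i:].split()

def audit_root_keys(text):
    """Map each key's comment to its forced command, or None if it has none."""
    report = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opts, fields = parse_entry(line)
        if len(fields) >= 2:               # key type and key data are required
            report[" ".join(fields[2:]) or fields[1]] = opts.get("command")
    return report

# Constructed sample; key data is placeholder text, the last command is hypothetical.
SAMPLE = '''\
# root's authorized_keys (constructed)
command="/root/.ssh/cron/validate-rsync",from="10.10.10.2",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3N_placeholder rsync-job
ssh-rsa AAAAB3N_placeholder admin-laptop
from="10.10.10.2",no-pty ssh-ed25519 AAAAC3N_placeholder restricted-no-command
command="/usr/local/sbin/backup --sets etc,home" ssh-ed25519 AAAAC3N_placeholder backup-job
'''

if __name__ == "__main__":
    for label, cmd in audit_root_keys(SAMPLE).items():
        print(label, "->", f"allowed, runs {cmd}" if cmd is not None else "refused for root")
```

Keys reported as refused are the ones sshd will skip for root under this setting, after which the client falls through to whatever other authentication methods remain enabled.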
