You could change PermitRootLogin to without-password, that would allow SSH keys only, from what I remember.
I might be wrong. Check sshd_config man page for verification. " 'With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom and warning... The first time any man's freedom is trodden on, we’re all damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG episode "The Drumhead" - Alex Smith - Dulles, Virginia On Thu, Jul 2, 2015 at 12:19 AM, Andrew Farnsworth <farn...@gmail.com> wrote: > So i checked the config file and it is set to use the GSSAPIAuthentication but > we are able to use keys from another server on the network to allow remote > root login. Unfortunately I am not the admin of the machine so, while I > have root access, I hesitate to make a change like this that may lock out > the regular maintenance access. Our Sr Sys Admin is in tomorrow so I will > ask him how he got the ssh keys working for root. > > Thanks! > > Andy > > On Thu, Jul 2, 2015 at 12:08 AM, Tilghman Lesher <tilgh...@meg.abyt.es> > wrote: > >> RedHat likes configuring options that work perfectly in a homogenous >> network of all RedHat machines. The problem is that if you have >> _other_ machines in your network, some of those options don't play >> nicely. >> >> On Wed, Jul 1, 2015 at 9:22 PM, Alex Smith (K4RNT) >> <shadowhun...@gmail.com> wrote: >> > That's a new one to me, having to turn off Kerberos when the system >> isn't >> > even configured for it. >> > >> > I'll keep that in mind though, thanks for the info Tilghman. >> > >> > " 'With the first link, the chain is forged. The first speech censured, >> the >> > first thought forbidden, the first freedom denied, chains us all >> > irrevocably.' Those words were uttered by Judge Aaron Satie as wisdom >> and >> > warning... The first time any man's freedom is trodden on, we’re all >> > damaged." - Jean-Luc Picard, quoting Judge Aaron Satie, Star Trek: TNG >> > episode "The Drumhead" >> > - Alex Smith >> > - Dulles, Virginia >> > >> > On Wed, Jul 1, 2015 at 9:40 PM, Tilghman Lesher <tilgh...@meg.abyt.es> >> > wrote: >> >> >> >> It's RedHat, which means you have to tweak the sshd_config file, to >> >> turn off Kerberos authentication. When you turn that off, key-based >> >> authentication works perfectly. Specifically, you want to set: >> >> >> >> GSSAPIAuthentication off >> >> >> >> On Wed, Jul 1, 2015 at 4:56 PM, Andrew Farnsworth <farn...@gmail.com> >> >> wrote: >> >> > Evening everyone, >> >> > I'm struggling with SSH keys again. I generated a key pair and put >> >> > the >> >> > public key on the server and the private key on my laptop. I >> configured >> >> > Putty to use the private key file and have copied the public key to >> the >> >> > ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 file, set the >> >> > permissions >> >> > to 700 and 600 on the .ssh and authorized_keys/keys2 files. I still >> get >> >> > a >> >> > "server refused our key" message when trying to login and it then >> >> > prompts >> >> > for password. >> >> > >> >> > note: I tried generating keys using the putty keygen and using the >> >> > keygen on >> >> > the linux server. >> >> > >> >> > OS is RHEL 6.6 >> >> > >> >> > Any idea where I am going wrong? >> >> > >> >> > Andy >> >> > >> >> > -- >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "NLUG" group. >> >> > To post to this group, send email to nlug-talk@googlegroups.com >> >> > To unsubscribe from this group, send email to >> >> > nlug-talk+unsubscr...@googlegroups.com >> >> > For more options, visit this group at >> >> > http://groups.google.com/group/nlug-talk?hl=en >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "NLUG" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send >> >> > an >> >> > email to nlug-talk+unsubscr...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> >> >> >> -- >> >> Tilghman >> >> >> >> -- >> >> -- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "NLUG" group. >> >> To post to this group, send email to nlug-talk@googlegroups.com >> >> To unsubscribe from this group, send email to >> >> nlug-talk+unsubscr...@googlegroups.com >> >> For more options, visit this group at >> >> http://groups.google.com/group/nlug-talk?hl=en >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "NLUG" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> an >> >> email to nlug-talk+unsubscr...@googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > -- >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "NLUG" group. >> > To post to this group, send email to nlug-talk@googlegroups.com >> > To unsubscribe from this group, send email to >> > nlug-talk+unsubscr...@googlegroups.com >> > For more options, visit this group at >> > http://groups.google.com/group/nlug-talk?hl=en >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "NLUG" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to nlug-talk+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> Tilghman >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to nlug-talk@googlegroups.com >> To unsubscribe from this group, send email to >> nlug-talk+unsubscr...@googlegroups.com >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to nlug-talk+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to nlug-talk@googlegroups.com > To unsubscribe from this group, send email to > nlug-talk+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to nlug-talk+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to nlug-talk+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
