disallow remote root / allow remote root by key
Hello, I wonder if it is possible and if so how to go about the following. Server - Remote root login is disallowed but I need to fetch snaphosts produced by rsnapshot and for this I need remote root access. Backup machine on a dynamic IP - connects to server using key-based authentication. Can this machine (and only this machine) log in remotely as root? Is there a better way of handling this? Thanks! -- Zbigniew Szalbot www.lc-words.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: disallow remote root / allow remote root by key
Odhiambo Washington: rsync from the backup machine. Can't you modify the rsnapshot code to make the permissions on the files I don't think I can. :) it creates to be accessible by a special group, and create a user in this group which you can then use to login from the backup machine? Just an idea. Besides, I think the point is that permissions/owners are all preserved so that when you need to restore, you don't have to wonder about changing uid/gid. Thanks! -- Zbigniew Szalbot www.lc-words.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: disallow remote root / allow remote root by key
On Friday 30 May 2008, Zbigniew Szalbot wrote: Server - Remote root login is disallowed but I need to fetch snaphosts produced by rsnapshot and for this I need remote root access. Backup machine on a dynamic IP - connects to server using key-based authentication. Can this machine (and only this machine) log in remotely as root? Yes, on the remote server set PermitRootLogin to without-password instead of no in /etc/ssh/sshd_config and append your your public key from the remote machine into /root/.ssh/authorized_keys. -- Mike Clarke ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: disallow remote root / allow remote root by key
Zbigniew Szalbot wrote: Hello, I wonder if it is possible and if so how to go about the following. Server - Remote root login is disallowed but I need to fetch snaphosts produced by rsnapshot and for this I need remote root access. Backup machine on a dynamic IP - connects to server using key-based As user, I guess? authentication. Can this machine (and only this machine) log in remotely Check sshd_config(5) for PermitRootLogin without-password keyword (I hope I understood you correctly). as root? Is there a better way of handling this? Thanks! HTH, Yuri ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: disallow remote root / allow remote root by key
Hello, Mike Clarke: On Friday 30 May 2008, Zbigniew Szalbot wrote: Server - Remote root login is disallowed but I need to fetch snaphosts produced by rsnapshot and for this I need remote root access. Backup machine on a dynamic IP - connects to server using key-based authentication. Can this machine (and only this machine) log in remotely as root? Yes, on the remote server set PermitRootLogin to without-password instead of no in /etc/ssh/sshd_config and append your your public key from the remote machine into /root/.ssh/authorized_keys. Thank you for this advice! Each time I am surprised how flexible this system is and how helpful its users are! Regards, -- Zbigniew Szalbot www.lc-words.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]