Yeah, both of those are set in /etc/sshd_config.
Here's the transcript using -v (piped through sed a couple of times to mask
the irrelevant data, obviously):

[privuser@privuser dir]$ ssh -v -l root localhost
SSH Version 1.2.26 [i586-unknown-linux], protocol version 1.5.
Standard version. Does not use RSAREF.
my.ip.address: Reading configuration data /etc/ssh_config
my.ip.address: ssh_connect: getuid 500 geteuid 0 anon 0
my.ip.address: Allocated local port 1023.
my.ip.address: Connecting to 127.0.0.1 port 22.
my.ip.address: Connection established.
my.ip.address: Remote protocol version 1.5, remote software version 1.2.26
my.ip.address: Waiting for server public key.
my.ip.address: Received server public key (768 bits) and host key (1024 bits).
my.ip.address: Forcing accepting of host key for localhost.
my.ip.address: Host '127.0.0.1' is known and matches the host key.
my.ip.address: Initializing random; seed file /home/privuser/.ssh/random_seed
my.ip.address: Encryption type: idea
my.ip.address: Sent encrypted session key.
my.ip.address: Installing crc compensation attack detector.
my.ip.address: Received encrypted confirmation.
my.ip.address: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
my.ip.address: Server refused our rhosts authentication or host key.
my.ip.address: Connection to authentication agent opened.
my.ip.address: Trying RSA authentication via agent with '[EMAIL PROTECTED]'
my.ip.address: Remote: Bad file modes for /root
my.ip.address: Server refused our key.
my.ip.address: RSA authentication using agent refused.
my.ip.address: Trying RSA authentication with key '[EMAIL PROTECTED]'
my.ip.address: Remote: Bad file modes for /root
my.ip.address: Server refused our key.
my.ip.address: Doing password authentication.
[EMAIL PROTECTED]'s password:

Looks like those "Bad file modes for /root" might be relevant, but I don't
exactly know what they mean.

As to the why of it... my passwords are all quite long, with very high
entropy. I don't like to run as root, but find that I frequently need root
privileges to tweak my machine, so it seems to me that it'd just make my
life easier to ssh directly to root. And hey, it's perfectly secure to do
so, right? So why not?

-----Original Message-----
From: Jan B. Koum [mailto:[EMAIL PROTECTED]]
Sent: Saturday, May 08, 1999 17:24
To: Cimarron Ryan; [EMAIL PROTECTED]
Subject: Re: ssh -l root

On Sat, May 08, 1999 at 04:13:16PM -0400, Cimarron Ryan <[EMAIL PROTECTED]> wrote:
> I'd like to be able to ssh to root on my local machine.

Why? Why not ssh as a user and then su(1)?

> I've created a key pair for the user, and I've copied the user's public key
> into /root/.ssh/authorized_keys. But whenever I try to "ssh -l root
> localhost", I'm asked for the root password (not the passphrase for the key,
> the actual root password on the machine).

Run ssh with "-v" flag to see why it does not want to do RSA. Also
make sure you have "PermitRootLogin yes" and "RSAAuthentication yes" in
your sshd_config file.

> As I understand it, sshd defaults to allow root to login with ssh. Anyone
> know what could be going wrong?

I am puzzled as to why would anyone want to ssh in as root ;)

-- Yan
--
"My experience and some of my friends' experience is that Linux is quite
unreliable. Microsoft is really unreliable but Linux is worse. In a non-PC
environment, it just won't hold up. If you're using it on a single box,
that's one thing. But if you want to use Linux in firewalls, gateways,
embedded systems, and so on, it has a long way to go." - Ken Thompson
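
Added example, not part of the thread and not sshd's own code: a Python audit of the ownership and mode test that, as an assumption here, lies behind "Remote: Bad file modes for /root" (the home directory, `.ssh` and `authorized_keys` must be owned by root or the target user and must not be group- or world-writable). The function names and the temporary sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def bad_file_modes(path, uid):
    """Return why `path` fails the ownership/mode test, or None if it passes."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return f"cannot stat: {exc.strerror}"
    # Assumed rule: owner must be root or the account being logged in to.
    if st.st_uid not in (0, uid):
        return f"owned by uid {st.st_uid}, expected 0 or {uid}"
    # Assumed rule: no write bit for group or other.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"mode {stat.S_IMODE(st.st_mode):04o} is group- or world-writable"
    return None


def audit_key_paths(home, uid):
    """Check home, ~/.ssh and authorized_keys; return {path: reason} for failures."""
    ssh_dir = os.path.join(home, ".ssh")
    paths = [home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    results = {p: bad_file_modes(p, uid) for p in paths}
    return {p: r for p, r in results.items() if r}


def demo():
    """Build a constructed home directory, audit it loose and then tightened."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("constructed-placeholder-key\n")
        os.chmod(keys, 0o600)
        os.chmod(home, 0o775)   # group-writable home: the failing case
        before = audit_key_paths(home, os.getuid())
        os.chmod(home, 0o755)   # group write bit removed
        after = audit_key_paths(home, os.getuid())
    return before, after


if __name__ == "__main__":
    for label, result in zip(("0775 home", "0755 home"), demo()):
        print(label, "->", result or "ok")
```

To audit a real account, call `audit_key_paths("/root", 0)` on the server side; an empty result means none of the three paths trips the test.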