On Sat, May 08, 1999 at 05:52:54PM -0400, Cimarron Ryan <[EMAIL PROTECTED]> 
wrote:
> Yeah, both of those are set in /etc/sshd_config.
> 
> Here's the transcript using -v (piped through sed a couple of times to mask
> the irrelevant data, obviously)
> 
> [privuser@privuser dir]$ ssh -v -l root localhost
> SSH Version 1.2.26 [i586-unknown-linux], protocol version 1.5.
> Standard version.  Does not use RSAREF.
> my.ip.address: Reading configuration data /etc/ssh_config
> my.ip.address: ssh_connect: getuid 500 geteuid 0 anon 0
> my.ip.address: Allocated local port 1023.
> my.ip.address: Connecting to 127.0.0.1 port 22.
> my.ip.address: Connection established.
> my.ip.address: Remote protocol version 1.5, remote software version 1.2.26
> my.ip.address: Waiting for server public key.
> my.ip.address: Received server public key (768 bits) and host key (1024
> bits).
> my.ip.address: Forcing accepting of host key for localhost.
> my.ip.address: Host '127.0.0.1' is known and matches the host key.
> my.ip.address: Initializing random; seed file
> /home/privuser/.ssh/random_seed
> my.ip.address: Encryption type: idea
> my.ip.address: Sent encrypted session key.
> my.ip.address: Installing crc compensation attack detector.
> my.ip.address: Received encrypted confirmation.
> my.ip.address: Trying rhosts or /etc/hosts.equiv with RSA host
> authentication.
> my.ip.address: Server refused our rhosts authentication or host key.
> my.ip.address: Connection to authentication agent opened.
> my.ip.address: Trying RSA authentication via agent with
> '[EMAIL PROTECTED]'
> my.ip.address: Remote: Bad file modes for /root
> my.ip.address: Server refused our key.
> my.ip.address: RSA authentication using agent refused.
> my.ip.address: Trying RSA authentication with key '[EMAIL PROTECTED]'
> my.ip.address: Remote: Bad file modes for /root
> my.ip.address: Server refused our key.
> my.ip.address: Doing password authentication.
> [EMAIL PROTECTED]'s password:
> 
> 
> Looks like those "Bad file modes for /root" might be relevant, but I don't
> exactly know what they mean.

        That means that either /root or /root/.ssh directories have odd
file permissions. Either they are non-readable or world readable or
something. Do as root:  "chmod -R 755 /root"
        And see if that helps (that will make /root and everything below
that directory including .ssh mode 755)

> 
> As to the why of it...  my passwords are all quite long, with very high
> entropy.  I don't like to run as root, but find that I frequently need root
> privileges to tweak my machine, so it seems to me that it'd just make my
> life easier to ssh directly to root.  And hey, it's perfectly secure to do
> so, right?  So why not?

        Actually, IMHO it might be best to ssh in as user and then su(1) ;)

-- Yan


> -----Original Message-----
> From: Jan B. Koum [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, May 08, 1999 17:24
> To: Cimarron Ryan; [EMAIL PROTECTED]
> Subject: Re: ssh -l root
> 
> 
> On Sat, May 08, 1999 at 04:13:16PM -0400, Cimarron Ryan
> <[EMAIL PROTECTED]> wrote:
> > I'd like to be able to ssh to root on my local machine.
> 
>       Why? Why not ssh as a user and then su(1)?
> 
> > I've created a key pair for the user, and I've copied the user's public key
> > into /root/.ssh/authorized_keys.  But whenever I try to "ssh -l root
> > localhost", I'm asked for the root password (not the passphrase for the key,
> > the actual root password on the machine).
> 
>       Run ssh with "-v" flag to see why it does not want to do RSA. Also
> make sure you have "PermitRootLogin yes" and "RSAAuthentication yes" in
> your sshd_config file.
> 
> 
> > As I understand it, sshd defaults to allow root to login with ssh.  Anyone
> > know what could be going wrong?
> 
>       I am puzzled as to why would anyone want to ssh in as root ;)
> 
> -- Yan
> 
> --
> "My experience and some of my friends' experience is that Linux is quite
> unreliable. Microsoft is really unreliable but Linux is worse. In a non-PC
> environment, it just won't hold up. If you're using it on a single box,
> that's one thing. But if you want to use Linux in firewalls, gateways,
> embedded systems, and so on, it has a long way to go." - Ken Thompson
> 
> 
--
"My experience and some of my friends' experience is that Linux is quite
unreliable. Microsoft is really unreliable but Linux is worse. In a non-PC
environment, it just won't hold up. If you're using it on a single box,
that's one thing. But if you want to use Linux in firewalls, gateways,
embedded systems, and so on, it has a long way to go." - Ken Thompson
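
A check for the "Bad file modes for /root" refusal seen in the transcript, as an added example that is not part of the original messages or of the ssh source. It assumes the test that sshd's strict-modes option applies: the home directory, `.ssh` and `authorized_keys` must be owned by the user or root and must not be writable by group or others. The function names are hypothetical.

```python
import os
import shlex
import stat
import sys

# Paths inspected, relative to the account's home directory (assumed set:
# the home directory itself, .ssh, and .ssh/authorized_keys).
CHECKED = ("", ".ssh", os.path.join(".ssh", "authorized_keys"))


def strict_modes_problems(home, uid):
    """Return (path, reason) pairs that would fail the strict-modes test."""
    problems = []
    for rel in CHECKED:
        path = os.path.join(home, rel) if rel else home
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue  # a missing file is a separate failure, not a mode problem
        # Owner must be the account itself or root.
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        # Group or other write permission lets someone else replace the keys.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((path, "mode %04o is group/other-writable"
                             % stat.S_IMODE(st.st_mode)))
    return problems


def fix_command(path):
    """Narrowest change: clear the write bits, leave read bits untouched."""
    return "chmod go-w " + shlex.quote(path)


if __name__ == "__main__":
    # Usage: script.py [home-directory]; defaults to the caller's own home.
    home = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    found = strict_modes_problems(home, os.getuid())
    for path, reason in found:
        print("%s: %s  ->  %s" % (path, reason, fix_command(path)))
    sys.exit(1 if found else 0)
```

Run it as the account being logged in to (root in this thread); an exit status of 0 means none of the three paths would trip the check.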
