ssh as root with and without private key
Dave Yost
Dave at Yost.com
Mon Jun 1 17:01:39 EST 2009
Hi.
I have a client machine using ssh as root via key authorization to a
server. The client uses rsync to send backup data to the server. I
use ForceCommand to allow only this activity when using key
authorization.
But I also want to be able to ssh as root with a required password to
do whatever I like.
So I thought that in addition to root, I'd make a rootback account:
root:x:0:0:root:/root:/bin/bash
rootback:x:0:0:root:/root:/bin/bash
(Entries in /etc/shadow are required for both, turns out.)
In sshd_conf I have this
Match User rootback
PermitRootLogin yes
ForceCommand /root/bin/dobackup
Match User root
PermitRootLogin yes
Match
When I
ssh -l rootback host whatever
it runs the dobackup script.
However, when I run
ssh -l root host date
it logs me in without asking for a password and runs date.
So close. But not right.
Is there a way to get what I want?
I'm running
openssh.x86_64 5.2p1-2.fc11
on Fedora 11
Thanks
Dave
More information about the openssh-unix-dev
mailing list