ssh as root with and without private key

Andy Tsouladze andyb1 at andy-t.org
Tue Jun 2 00:19:19 EST 2009


On Mon, 1 Jun 2009, Darren Tucker wrote:

> Dave Yost wrote:
> [...]
>> In sshd_conf I have this
>>
>>   Match User rootback
>>           PermitRootLogin yes

I am not sure this can work.  Root login for a non-root user?  Even though 
its UID is 0, for login purposes it is a different user.

>>           ForceCommand /root/bin/dobackup
>>   Match User root
>>           PermitRootLogin yes
>>   Match
>
> Is there something missing here?
>
>> When I
>>   ssh -l rootback host whatever
>> it runs the dobackup script.
>> 
>> However, when I run
>>   ssh -l root host date
>> it logs me in without asking for a password and runs date.
>> 
>> So close. But not right.
>> 
>> Is there a way to get what I want?

I would say the easiest way to accomplish what you want is to use 
different home directories (and thus, different .ssh directories and ssh 
keys) for root and rootback.  Does this work for you?

> You want to disallow public-key authentications for root but not rootback?
>
> Does adding "PubkeyAuthentication no" to the "Match User root" section do it? 
> (You'd probably want to add the other passwordless authmethods to the list 
> too, e.g. rsa (protocol 1) gssapi hostbased rhostsrsa and so forth).
>
> --

Regards,

Andy

Dr Andy Tsouladze
Sr Unix/Storage SysAdmin
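
The two suggestions made in this thread, combined into one sshd_config fragment as an added example that is not part of the original messages. It assumes a current OpenSSH release that accepts PubkeyAuthentication and AuthorizedKeysFile inside Match blocks, and the home directory /root-backup for rootback is a hypothetical path.

```conf
# Added example, not from the thread. Assumes rootback has its own passwd
# entry whose home directory is /root-backup (hypothetical path), so that
# its authorized_keys file is not the one under /root/.ssh.

# Backup account: key-based login only ever runs the backup script.
Match User rootback
    PermitRootLogin yes
    PubkeyAuthentication yes
    # Pin the key file to rootback's own home so a key installed for
    # backups is never consulted for a login as "root".
    AuthorizedKeysFile /root-backup/.ssh/authorized_keys
    ForceCommand /root/bin/dobackup

# Interactive root: the passwordless methods are turned off, so a login
# as "root" falls back to the methods that prompt.
Match User root
    PermitRootLogin yes
    PubkeyAuthentication no
    HostbasedAuthentication no
    GSSAPIAuthentication no

# Check the result before reloading sshd:
#   sshd -t                                          (syntax check)
#   sshd -T -C user=root,host=localhost,addr=127.0.0.1
#   sshd -T -C user=rootback,host=localhost,addr=127.0.0.1
# The second and third commands print the effective settings for each
# user; pubkeyauthentication should read "no" for root and "yes" for
# rootback, and forcecommand should appear only for rootback.
```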

