ssh as root with and without private key
Andy Tsouladze
andyb1 at andy-t.org
Tue Jun 2 00:19:19 EST 2009
On Mon, 1 Jun 2009, Darren Tucker wrote:
> Dave Yost wrote:
> [...]
>> In sshd_conf I have this
>>
>> Match User rootback
>> PermitRootLogin yes
I am not sure this can worl. Root login for a non-root user? Even though
its UID is 0, for login purposes it is a different user.
>> ForceCommand /root/bin/dobackup
>> Match User root
>> PermitRootLogin yes
>> Match
>
> Is there something missing here?
>
>> When I
>> ssh -l rootback host whatever
>> it runs the dobackup script.
>>
>> However, when I run
>> ssh -l root host date
>> it logs me in without asking for a password and runs date.
>>
>> So close. But not right.
>>
>> Is there a way to get what I want?
I would say the easiest way to accomplish what you want it to use
different home directories (and thus, different .ssh directories and ssh
keys) for root and rootback. Does this work for you?
> You want to disallow public-key authentications for root but not rootback?
>
> Does adding "PubkeyAuthentication no" to the "Match User root" section do it?
> (You'd probably want to add the other passwordless authmethods to the list
> to, eg rsa (protocol 1) gssapi hostbased rhostsrsa and so forth).
>
> --
Regards,
Andy
Dr Andy Tsouladze
Sr Unix/Storage SysAdmin
More information about the openssh-unix-dev
mailing list