ssh as root with and without private key
Bob Belnap
bbelnap at gmail.com
Tue Jun 2 00:55:14 EST 2009
Dave,
Maybe I'm missing something here... but why don't you just use the
"command=" option in authorized_keys? Then just force the backup key to
only run /root/bin/dobackup, but add your own key without that restriction?
--Bob
On Mon, Jun 1, 2009 at 1:01 AM, Dave Yost <Dave at yost.com> wrote:
> Hi.
>
> I have a client machine using ssh as root via key authorization to a
> server. The client uses rsync to send backup data to the server. I use
> ForceCommand to allow only this activity when using key authorization.
>
> But I also want to be able to ssh as root with a required password to do
> whatever I like.
>
> So I thought that in addition to root, I'd make a rootback account:
>
> root:x:0:0:root:/root:/bin/bash
> rootback:x:0:0:root:/root:/bin/bash
>
> (Entries in /etc/shadow are required for both, turns out.)
>
> In sshd_conf I have this
>
> Match User rootback
> PermitRootLogin yes
> ForceCommand /root/bin/dobackup
> Match User root
> PermitRootLogin yes
> Match
>
> When I
> ssh -l rootback host whatever
> it runs the dobackup script.
>
> However, when I run
> ssh -l root host date
> it logs me in without asking for a password and runs date.
>
> So close. But not right.
>
> Is there a way to get what I want?
>
> I'm running
> openssh.x86_64 5.2p1-2.fc11
> on Fedora 11
>
> Thanks
>
> Dave
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
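The `command=` approach suggested in the reply, as an added example that is not part of the thread and is not OpenSSH code: a small Python audit that parses an authorized_keys file and reports which keys are pinned to a forced command and which are unrestricted. The sample file contents, key blobs, key comments and function names are constructed for illustration.

```python
import re

# Constructed sample of root's authorized_keys; key blobs are placeholders.
SAMPLE = '''\
# backup client key: may only run the backup script
command="/root/bin/dobackup",no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER1 backup@client
# admin key: no restriction
ssh-rsa AAAAB3PLACEHOLDER2 dave@laptop
'''

KEYTYPE = re.compile(r'^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$')
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')

def split_options(line):
    """Split 'options rest' at the first blank that is outside double quotes."""
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2          # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in ' \t' and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ''

def parse_options(opts):
    """Return {name: value or True} for a comma-separated option string."""
    return {m.group(1).lower(): True if m.group(2) is None
            else m.group(2).replace('\\"', '"') for m in OPTION.finditer(opts)}

def audit(text):
    """Return [(key comment, forced command or None)] for every key line."""
    report = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith('#'):
            continue
        if KEYTYPE.match(line.split(None, 1)[0]):
            opts, rest = '', line            # line starts with the key type
        else:
            opts, rest = split_options(line)
        fields = rest.split(None, 2)         # keytype, base64 blob, comment
        comment = fields[2] if len(fields) > 2 else ''
        cmd = parse_options(opts).get('command')
        report.append((comment, cmd if isinstance(cmd, str) else None))
    return report

if __name__ == '__main__':
    for comment, cmd in audit(SAMPLE):
        print(f'{comment}: {"forced to " + cmd if cmd else "UNRESTRICTED"}')
```

Any key reported as unrestricted gives a full root shell, so only the admin key should appear that way.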