Configuration for root logins
Thomas Köller
thomas at koeller.dyndns.org
Sun Jul 14 22:54:35 AEST 2024
Hi,
I am trying to configure OpenSSH to allow root logins, without success
so far. So I could really use some advice.
This is my server configuration:
AllowUsers = thomas root
AuthenticationMethods hostbased,publickey
ExposeAuthInfo = no
ForceCommand none
GSSAPIAuthentication no
HostbasedAcceptedAlgorithms ssh-ed25519
HostbasedAuthentication yes
HostbasedUsesNameFromPacketOnly yes
HostKey /etc/ssh/host_key_sarkovy.koeller.dyndns.org_ed25519
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KerberosAuthentication no
ListenAddress = 192.168.0.1
ListenAddress = fd46:1ffa:d8e0::1
LogLevel VERBOSE
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
PermitTTY yes
PermitTunnel no
PermitUserRC yes
PubkeyAuthentication yes
PubkeyAcceptedAlgorithms ssh-ed25519
UseDNS = no
X11Forwarding no
For now, the client machine is on a static IP address, just for testing
using my in-house network. But later the client machines will be on
dynamic IP addresses, which is why I have
'HostbasedUsesNameFromPacketOnly yes'. With this setup I can log into my
regular user account 'thomas', so hostbased authentication at least
seems to be configured correctly. But root logins are rejected like this:
root at htpc:~# ssh sarkovy
root at sarkovy: Permission denied (hostbased).
I created a /root/.shosts file containing
fd46:1ffa:d8e0::2 root
htpc.koeller.dyndns.org root
to no avail. Enabling debug output on both the server and the client did
not produce anything hinting at the reason why logins are failing, or at
least I have been unable to spot anything like that.
More information about the openssh-unix-dev
mailing list