Re: question

From: Dale Bohl (dbohl_at_sgi.com)
Date: 02/24/05


Date: Thu, 24 Feb 2005 10:04:55 -0600

Neil W Rickert wrote:

> Dale Bohl <dbohl@sgi.com> writes:
>
>
>> Is it possible to run ssh as root but use another user's
>> login? For example:
>
>
>>root# ssh user@hostname
>
>
> Works fine for me, where I have set up public key auth for that user.
>
>
>> The reason I ask is I'm trying to do an rsync pull as root
>> but use a different user so that the directory hierarchy is
>> created on the local system as root.
>
>
> I use it for rsync and scp.
>

Neil,

    Am I doing something wrong then, because I cannot get this
to work without ssh asking for a password for the "user" account
when running my rsync script as root?

Here's what I'm doing to set up the auth key.

On defender as the user:
defender.clubfed.sgi.com-163$ ssh-keygen
You must specify a key type (-t).
Usage: ssh-keygen [options]
Options:
   -b bits Number of bits in the key to create.
   -c Change comment in private and public key files.
   -e Convert OpenSSH to IETF SECSH key file.
   -f filename Filename of the key file.
   -g Use generic DNS resource record format.
   -i Convert IETF SECSH to OpenSSH key file.
   -l Show fingerprint of key file.
   -p Change passphrase of private key file.
   -q Quiet.
   -y Read private key file and print public key.
   -t type Specify type of key to create.
   -B Show bubblebabble digest of key file.
   -C comment Provide new comment.
   -N phrase Provide new passphrase.
   -P phrase Provide old passphrase.
   -r hostname Print DNS resource record.
   -G file Generate candidates for DH-GEX moduli
   -T file Screen candidates for DH-GEX moduli
defender.clubfed.sgi.com-164$

defender.clubfed.sgi.com-234$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dbohl/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dbohl/.ssh/id_rsa.
Your public key has been saved in /home/dbohl/.ssh/id_rsa.pub.
The key fingerprint is:
15:f1:d0:14:43:e8:a5:5f:16:70:ce:22:2c:c0:f7:88 dbohl@defender.clubfed.sgi.com
defender.clubfed.sgi.com-235$

This creates the ~dbohl/.ssh/id_rsa.pub file with what I think is a
good key.

I then cut and paste (no \ns) it into the authorized_keys file
in the remote_host:/~user/.ssh/ directory.

I test it as dbohl and it is fine as me, but if I try it
as root with
ssh dbohl@surfdev.corp

It prompts me for a password.
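
An added example, not part of the original message: offline checks for the setup described above, where a key generated by one account is used by ssh started from another (root). It assumes OpenSSH default behaviour (ssh offers only the invoking user's `~/.ssh/id_*` keys unless `-i` is given); the function names and verdict strings are hypothetical, and all three paths must be readable on the host where it runs (for example, against a copy of the server's authorized_keys).

```sh
#!/bin/sh
# Added example: offline checks for key auth when ssh is started by another
# local account (e.g. root) than the one that generated the key.
# Assumption: OpenSSH defaults; key names below are common default names.

# Print the private keys ssh offers by default for the invoking user's home.
default_identities() {
    for name in id_rsa id_ecdsa id_ed25519; do
        if [ -f "$1/.ssh/$name" ]; then echo "$1/.ssh/$name"; fi
    done
}

# Succeed if the base64 blob of PUB ($1) appears as one intact field in
# AUTH ($2); a pasted key that wrapped across lines will not match.
key_is_authorized() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] || return 1
    awk -v want="$blob" '
        !/^[ \t]*#/ { for (i = 1; i <= NF; i++) if ($i == want) ok = 1 }
        END { exit ok ? 0 : 1 }' "$2"
}

# Succeed if the path is not group- or world-writable (sshd StrictModes
# rejects such authorized_keys files and ~/.ssh directories).
perms_ok() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# diagnose INVOKING_HOME PRIVATE_KEY AUTHORIZED_KEYS -> prints one verdict.
diagnose() {
    if ! default_identities "$1" | grep -qxF "$2"; then
        echo "not-offered: run ssh -i $2 (or rsync -e \"ssh -i $2\")"
    elif ! key_is_authorized "$2.pub" "$3"; then
        echo "not-authorized: public key missing or line-wrapped in $3"
    elif ! perms_ok "$3" || ! perms_ok "$(dirname "$3")"; then
        echo "bad-perms: chmod go-w $3 and its directory"
    else
        echo "ok"
    fi
}

if [ $# -eq 3 ]; then diagnose "$@"; fi
```
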