Re: How to log in as root w/o password?



On 08/24/2006 10:44 PM, CptDondo wrote:
> My basic setup denies root logins altogether.
>
> But... From one single PC, as one single user, I would like to be able
> to log in automagically without a password (actually via a script).
>
> Is there a way to set up authkeys to allow this?
>
> I've tried a few times, but it seems the "no root login" thing overrides
> public key authentication.

Create a key pair with ssh-keygen, and copy the contents of the public key
file to root's .ssh/authorized_keys file. Set the permissions properly (600
on the file, and 700 on the .ssh directory).

Next, in your sshd_config, set

PermitRootLogin yes
PubkeyAuthentication yes
AllowUsers root@xxxxxxxxxxxxxxx

You can now log in as root, if you originate from 192.168.xxx.yyy by giving
the command

you@xxxxxxxxxxxxxxx% ssh -i file-with-private-root-key root@xxxxxxxxxxxxxxxx

The disadvantage of using the AllowUsers directive is that ONLY the users
that are explicitly listed (or that are matched by wild cards) will
be allowed access. On a system with a large number of users who are all
allowed remote access via ssh, AllowUsers will incur quite some management
overhead. Using the directive properly (i.e., without wildcards that cover
large networks) will make you practically immune to brute-force password
attacks, however.

I recommend not loading root's ssh key into ssh-agent, or if you do, make
sure it expires in something like a half hour or so. You can do that by
using the command

ssh-add -t 1800 file-with-private-root-key

-Kees
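
Added example, not part of the message above: a shell check that the steps described there are in place (700 on .ssh, 600 on authorized_keys, and the three sshd_config settings). The function names and the choice to pass both paths as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the root key-login setup described in the message above.
# Limits: Include files are not followed, parsing stops at the first Match
# block, and only the first line for each keyword is read.

# Print the first value given for an sshd_config keyword.
cfg_value() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Usage: check_root_key_setup SSH_DIR SSHD_CONFIG
# Returns 0 when the setup matches the message, 1 otherwise.
check_root_key_setup() {
    ssh_dir=$1 config=$2 rc=0
    if [ "$(mode_of "$ssh_dir")" != 700 ]; then
        echo "FAIL: $ssh_dir should be mode 700"; rc=1
    fi
    if [ "$(mode_of "$ssh_dir/authorized_keys")" != 600 ]; then
        echo "FAIL: $ssh_dir/authorized_keys should be mode 600"; rc=1
    fi
    if [ "$(cfg_value PermitRootLogin "$config")" = no ]; then
        echo "FAIL: PermitRootLogin no also blocks root key logins"; rc=1
    fi
    if [ "$(cfg_value PubkeyAuthentication "$config")" = no ]; then
        echo "FAIL: PubkeyAuthentication is disabled"; rc=1
    fi
    # Without a root@host pattern, root is either locked out (AllowUsers set)
    # or not limited to one originating host (AllowUsers unset).
    case " $(cfg_value AllowUsers "$config") " in
        *" root@"*) ;;
        *) echo "FAIL: AllowUsers has no root@host entry"; rc=1 ;;
    esac
    return $rc
}
```

On a live host, `sshd -T` prints the effective configuration the daemon would use, which covers the cases this parser skips.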