Re: How to log in as root w/o password?
- From: Kees Leune <C.J.Leune@xxxxxx>
- Date: Wed, 30 Aug 2006 09:33:59 +0200
On 08/24/2006 10:44 PM, CptDondo wrote:
My basic setup denies root logins altogether.
But... From one single PC, as one single user, I would like to be able
to log in automagically without a password (actually via a script).
Is there a way to set up authkeys to allow this?
I've tried a few times, but it seems the "no root login" thing overrides
public key authentication.
Create a key pair with ssh-keygen, and copy the contents of the public key
file to root's .ssh/authorized_keys file. Set the permissions properly (600
on the file, and 700 on the .ssh directory).
Next, in your sshd_config, set
PermitRootLogin yes
PubkeyAuthentication yes
AllowUsers root@xxxxxxxxxxxxxxx
You can now log in as root, if you originate from 192.168.xxx.yyy by giving
the command
you@xxxxxxxxxxxxxxx% ssh -i file-with-private-root-key root@xxxxxxxxxxxxxxxx
The disadvantage of using the AllowUsers directive is that ONLY the users
listed that are explicitly listed (or that are matched by wild cards) will
be allowed access. On a system with a large amount of users who are all
allowed remote access via ssh, AllowUsers will incur quite some management
overhead. Using the directive properly (i.e., without wildcards that cover
large networks) will make you practically immune for brute force password
attacks, however.
I recommend not loading root's ssh key into ssh-agent, or if you do, make
sure it expires in something like a half hour or so. You can do that by
using the command
ssh-add -t 1800 file-with-private-root-key
-Kees
.
- References:
- How to log in as root w/o password?
- From: CptDondo
- How to log in as root w/o password?
- Prev by Date: Re: which is better libssh or libssh2
- Next by Date: Re: How to log in as root w/o password?
- Previous by thread: Re: How to log in as root w/o password?
- Next by thread: which is better libssh or libssh2
- Index(es):
Relevant Pages
|
