Re: How to log in as root w/o password?

On 08/24/2006 10:44 PM, CptDondo wrote:
> My basic setup denies root logins altogether.
>
> But... From one single PC, as one single user, I would like to be able
> to log in automagically without a password (actually via a script).
>
> Is there a way to set up authkeys to allow this?
>
> I've tried a few times, but it seems the "no root login" thing overrides
> public key authentication.

Create a key pair with ssh-keygen, and copy the contents of the public key
file to root's .ssh/authorized_keys file. Set the permissions properly (600
on the file, and 700 on the .ssh directory).

Next, in your sshd_config, set

PermitRootLogin yes
PubkeyAuthentication yes
AllowUsers root@xxxxxxxxxxxxxxx

You can now log in as root, if you originate from by giving
the command

you@xxxxxxxxxxxxxxx% ssh -i file-with-private-root-key root@xxxxxxxxxxxxxxxx

The disadvantage of using the AllowUsers directive is that ONLY the users
that are explicitly listed (or that are matched by wild cards) will
be allowed access. On a system with a large number of users who are all
allowed remote access via ssh, AllowUsers will incur quite some management
overhead. Using the directive properly (i.e., without wildcards that cover
large networks) will make you practically immune to brute-force password
attacks, however.

I recommend not loading root's ssh key into ssh-agent, or if you do, make
sure it expires in something like a half hour or so. You can do that by
using the command

ssh-add -t 1800 file-with-private-root-key
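
The AllowUsers caveat above, as an added example that is not part of the original post: a small shell function that reads the AllowUsers entries from an sshd_config file and reports whether a given user and client address would pass the list. The function name, the sample config and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration, and the matching is a simplified model of sshd's rules (no `!` negation, CIDR hosts or Match blocks).

```shell
#!/bin/sh
# Added example: decide whether USER connecting from HOST passes the
# AllowUsers list in an sshd_config file. Simplified on purpose: handles
# '*'/'?' wildcards and USER@HOST entries, but not '!' negation, CIDR
# hosts, Match blocks, or the other Allow*/Deny* directives.

allowusers_permits() {   # usage: allowusers_permits CONFIG USER HOST
    cfg=$1; user=$2; host=$3
    # Keywords are case-insensitive and repeated AllowUsers lines add up.
    patterns=$(awk 'tolower($1) == "allowusers" {
        for (i = 2; i <= NF; i++) { if ($i ~ /^#/) break; print $i }
    }' "$cfg")
    # No AllowUsers at all: this list does not restrict anyone.
    if [ -z "$patterns" ]; then return 0; fi
    result=1
    while IFS= read -r p; do
        case $p in
            *@*) pu=${p%%@*}; ph=${p#*@} ;;   # user and host checked separately
            *)   pu=$p; ph='*' ;;             # bare name: any source host
        esac
        # Unquoted variables in a case pattern are matched as globs.
        case $user in $pu) ;; *) continue ;; esac
        case $host in $ph) result=0 ;; esac
    done <<EOF
$patterns
EOF
    return "$result"
}

# Constructed sample config; 192.0.2.10 is a documentation address standing
# in for the redacted client host.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
PermitRootLogin yes
PubkeyAuthentication yes
AllowUsers root@192.0.2.10
EOF
for who in root@192.0.2.10 root@198.51.100.7 alice@192.0.2.10; do
    if allowusers_permits "$demo_cfg" "${who%%@*}" "${who#*@}"; then
        echo "$who: allowed"
    else
        echo "$who: refused by AllowUsers"
    fi
done
rm -f "$demo_cfg"
```

Running it against a copy of the real sshd_config before restarting sshd shows which existing accounts the new AllowUsers line would lock out.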

