Re: How to log in as root w/o password?
- From: Michael Heiming <michael+USENET@xxxxxxxxxxxxxx>
- Date: Wed, 30 Aug 2006 19:27:21 +0200
In comp.security.ssh Unruh <unruh-spam@xxxxxxxxxxxxxx>:
CptDondo <yan@xxxxxxxxxxxxxxxx> writes:
My basic setup denies root logins altogether.
Which is stupid. Sometimes root is needed. (and sudo is not a substitute).
No it isn't. A good idea to deny direct root logins via network
per default. Quite a few people connect systems to the internet
with no firewall/etc enabled and perhaps use a trivial root
password. There are quite a few bots trying to break into such
system and it's easy as the account to login is already known.
Someone who wants to use direct root logins, should take the time
to check how to enable it. 'ssh -vvv ...' is usually helpful.
But... From one single PC, as one single user, I would like to be able
to log in automagically without a password (actually via a script).
Use ssh with publick key authentication.
Is there a way to set up authkeys to allow this?
I've tried a few times, but it seems the "no root login" thing overrides
public key authentication.
It may be. So get rid of the "no root login" or do a two step process--
public key to a user account, and then that user account uses has
passwordless login to root ( eg in wheel group with pam.d/su having the
auth sufficient pam_wheel.so trust use_uid
Sounds somehow better, though you can use sudo (NOPASSWD) or just
enable a forced ssh command via keys. There are plenty of
possibilities, but I'd be very careful with direct root logins.
There are tons of documents online how to go about it. ssh-agent
should be used.
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@xxxxxxxxxx | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 320: You've been infected by the Telescoping