David C. Rankin wrote:
Kain, Becki (B.) wrote:
Hi folks:
I can't find a good write up of the options of PermitRootLogin - yes, no, without-passwd, etc... Can someone point me in the right direction? Thanks
There is a very valid and good reason you CAN'T! This is a very bad idea, see the better way below - but, at your own risk:
To set up login without a password:
In your home directory
    cd .ssh
    ssh-keygen -t dsa (hit return twice for no password)
    cp id_dsa.pub id_dsa.pub.newname (prevents overwriting id_dsa.pub on remote machine)
    cp or scp id_dsa.pub.newname to /root/.ssh of the machine you have allowed root logins on (Not a good or secure idea - nevertheless)
    login to that machine as root,
    cd /root/.ssh
    cat id_dsa.pub.newname >> authorized_keys
    logout
    ssh root@the.machineyouletrootloginon.com should now work without a password
(I repeat, allowing root ssh access is NOT a good idea.)
A far better way if you need to conduct business as root over ssh is to:
On the machine the operations need to be done as root
    as root
    cd /root/.ssh
    ssh-keygen -t dsa
    cp id_dsa.pub id_dsa.pub.othernewname (I usually append the host name as othernewname)
    scp id_dsa.pub.othernewname user@remote.nonrootmachine:~/.ssh
On the machine that doesn't need operations as root
    cd ~/.ssh
    cat id_dsa.pub.othernewname >> authorized_keys
Now you can execute any script as root requiring root privileges on that machine, and as root ssh user@remote.nonrootmachine without a password and pull any data you need to over without ever permitting a root ssh login. On the non-root machine, you may have to give the specific user access to files needed by adding them to a few groups in /etc/group like wwwrun, mail, etc. and you may need to set the group ownership on the needed files and directories, but this is far better than gift wrapping a root exploit to all the script kiddies that will try forever to root your box over ssh. They only have to succeed once and you are screwed!
And fired.
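Added example, not part of the original messages: a small audit that reads sshd_config text and reports which PermitRootLogin setting is actually in effect, failing unless it is "no" as the reply above recommends. The value names are the ones documented in sshd_config(5) (without-password is the full spelling of the "without-passwd" in the question); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints the effective global PermitRootLogin value from
# sshd_config text on stdin. sshd keeps the first value it reads for a
# keyword, and keywords are case-insensitive. Match blocks are not evaluated.
effective_permit_root_login() {
    awk '
        { sub(/#.*/, "") }                    # strip comments
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == "permitrootlogin" && NF >= 2 {
            v = $2; gsub(/"/, "", v); print v; found = 1; exit
        }
        END { if (!found) print "unset" }
    '
}

# Returns 0 only when root login over ssh is refused outright.
audit_root_login() {
    value=$(effective_permit_root_login)
    case "$value" in
        no)
            echo "OK: root login refused"; return 0 ;;
        yes)
            echo "FAIL: root may log in with a password or a key"; return 1 ;;
        without-password|prohibit-password)
            echo "WARN: root may log in with a key, passwords refused"; return 1 ;;
        forced-commands-only)
            echo "WARN: root key login allowed for keys with command= set"; return 1 ;;
        unset)
            echo "WARN: not set, the compiled-in default applies"; return 1 ;;
        *)
            echo "FAIL: unrecognised value '$value'"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored, the first live
# setting wins, and the later "no" has no effect.
SAMPLE_CONFIG='# constructed sample config
Port 22
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only'

printf '%s\n' "$SAMPLE_CONFIG" | audit_root_login || true
```

On a real host, feed it the live file with `audit_root_login < /etc/ssh/sshd_config`; `sshd -T` run as root prints the fully resolved configuration, including included files.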