failed root login with shared ssh key

From: Dave [Hawk-Systems] (dave_at_hawk-systems.com)
Date: 08/27/03

    To: "freebsd-isp@FreeBSD.ORG" <freebsd-isp@FreeBSD.ORG>
    Date: Wed, 27 Aug 2003 07:59:04 -0400
    
    

    posted this to questions, but getting nothing but crickets

    have several FreeBSD servers around all with varying installs, 4.3 with a
    number of patches, up to a 4.7 that is relatively new.

    Some maintenance on the servers that requires root is run from a master server
    which connects to run the command(s) via SSH. The public key for
    root@master_server has been distributed out to the ~root/.ssh/authorized_keys
    file as per a previous thread on this type of situation.

    I am having problems with the 4.7 box in that it will not accept the key
    authentication, and bounces back to asking for a password to login as root. I
    cannot log in as root over ssh with a password, but that's fine, I don't want or
    need to. I do need to allow this server to log in using the shared public key
    to this (and all the servers).

    Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it
    pretty much matches the other 4.3 to 4.5 installs.
    Have checked /etc/ttys, and while all the ttyps do not specifically state
    secure, neither do they on the servers that this works fine on.

    I am sure I am forgetting something stupid, just have not been able to google
    anything that is pointing me in the right direction. Most puzzling is that the
    same setup works fine for the other installs (albeit that I can also log in as
    root using password, which I would like to secure later).

    Thanks

    Dave

    debug from SSH session (and no, df -k is not the command that requires root)
    ///
    server# ssh -v target "df -k"
    SSH Version OpenSSH_2.3.0 green@FreeBSD.org 20010321, protocol versions 1.5/2.0.
    Compiled with SSL (0x0090600f).
    debug: Reading configuration data /etc/ssh/ssh_config
    debug: ssh_connect: getuid 0 geteuid 0 anon 0
    debug: Connecting to target.domain.com [123.456.789.2] port 22.
    debug: Allocated local port 921.
    debug: Connection established.
    debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
    debug: no match: OpenSSH_3.4p1 FreeBSD-20020702
    debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
    debug: Waiting for server public key.
    debug: Received server public key (768 bits) and host key (1024 bits).
    debug: Host 'target' is known and matches the RSA host key.
    debug: Encryption type: 3des
    debug: Sent encrypted session key.
    debug: Installing crc compensation attack detector.
    debug: Received encrypted confirmation.
    debug: Trying RSA authentication with key 'root@server.domain.com'
    debug: Received RSA challenge from server.
    debug: Sending response to host key RSA challenge.
    debug: Remote: RSA authentication accepted.
    debug: RSA authentication refused.
    debug: Doing password authentication.
    root@target's password:
    Permission denied, please try again.
    root@target's password:
    ///
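
Added example (not part of the original post): a small Python triage helper that reduces an `ssh -v` trace like the one quoted above to the protocol version each side announced and the outcome of each key-authentication step, which helps when the same check is run from the master server against many targets. The function, dictionary keys and verdict names are hypothetical; the message strings it matches are the ones that appear in the quoted trace.

```python
import re

# Excerpt of the `ssh -v` trace quoted in the post (wrapped banner line rejoined).
SAMPLE_TRACE = """\
debug: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 FreeBSD-20020702
debug: Local version string SSH-1.5-OpenSSH_2.3.0 green@FreeBSD.org 20010321
debug: Trying RSA authentication with key 'root@server.domain.com'
debug: Received RSA challenge from server.
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication refused.
debug: Doing password authentication.
"""

def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def summarize_trace(trace):
    """Reduce an OpenSSH client debug trace to the facts needed for triage."""
    lines = [l.strip() for l in trace.splitlines()]
    seen = lambda fragment: any(fragment in l for l in lines)
    remote = _first(r"Remote protocol version (\d+\.\d+)", trace)
    local = _first(r"Local version string SSH-(\d+\.\d+)-", trace)
    s = {
        "server_banner_protocol": remote,
        # A 1.99 banner means the server speaks both SSH-1 and SSH-2.
        "server_offers_ssh2": remote in ("1.99", "2.0"),
        "client_protocol": local,
        "client_used_ssh1": local is not None and local.startswith("1."),
        "key_offered": _first(r"Trying RSA authentication with key '([^']*)'", trace),
        "challenge_received": seen("Received RSA challenge from server"),
        "server_said_accepted": seen("Remote: RSA authentication accepted"),
        "client_saw_refusal": seen("RSA authentication refused"),
        "password_fallback": seen("Doing password authentication"),
    }
    # Verdict labels are hypothetical names for the orderings seen in a trace.
    if s["key_offered"] is None:
        s["verdict"] = "no_key_offered"
    elif not s["challenge_received"]:
        s["verdict"] = "key_not_challenged"
    elif s["client_saw_refusal"]:
        s["verdict"] = ("accepted_then_refused" if s["server_said_accepted"]
                        else "challenge_failed")
    else:
        s["verdict"] = "key_auth_ok"
    return s

if __name__ == "__main__":
    for key, value in summarize_trace(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

The client trace only shows that the refusal followed the challenge; the reason for it is recorded on the server side, in sshd's own log or debug output.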
