RE: failed root login with shared ssh key

From: Dave [Hawk-Systems] (dave_at_hawk-systems.com)
Date: 08/27/03

  • Next message: Christoffer Pio: "sendto: no buffer space available (yet no queue and plenty mbufs)"
    To: "freebsd-isp@FreeBSD.ORG" <freebsd-isp@FreeBSD.ORG>
    Date: Wed, 27 Aug 2003 10:17:24 -0400
    
    

    Have tried a few suggestions,

    - The source server's ssh doesn't support the -1 option to force ssh to version
    1 only.
    - the target server is set to support RSA I believe, though I have included the
    /etc/ssh/sshd_config file below just in case something in there may be
    misconfigured

    It appears that the process is working fine, but it just isn't allowing the root
    login despite the proper authentication.

    Dave

    /// trimmed sshd_config - a few options have been uncommented to ensure that is
    what they are set to

    #Port 22
    #Protocol 2,1
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 3600
    #ServerKeyBits 768

    # Logging
    #obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    # have also tried changing the above to ~/.ssh....

    # rhosts authentication should not be used
    #RhostsAuthentication no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no

    # Change to no to disable PAM authentication
    #ChallengeResponseAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    #AFSTokenPassing no

    # Kerberos TGT Passing only works with the AFS kaserver
    #KerberosTgtPassing no

    #X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #KeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation no
    #Compression yes

    #MaxStartups 10
    # no default banner path
    #Banner /some/path
    #VerifyReverseMapping no

    # override default of no subsystems
    Subsystem sftp /usr/libexec/sftp-server
    ///

    >posted this to questions, but getting nothing but crickets
    >
    >have several FreeBSD servers around all with varying installs, 4.3 with a
    >number of patches, up to a 4.7 that is relatively new.
    >
    >Some maintenance on the servers that requires root is run from a master server
    >which connects to run the command(s) via SSH. The public key for
    >root@master_server has been distributed out to the ~root/.ssh/authorized_keys
    >file as per a previous thread on this type of situation.
    >
    >I am having problems with the 4.7 box in that it will not accept the key
    >authentication, and bounces back to asking for a password to login as root. I
    >cannot log in as root over ssh with a password, but that's fine, I don't want or
    >need to. I do need to allow this server to log in using the shared public key
    >to this (and all the servers).
    >
    >Have checked /etc/ssh/sshd_config, and "AllowRootLogin yes" is present, and it
    >pretty much matches the other 4.3 to 4.5 installs.
    >Have checked /etc/ttys, and while all the ttyps do not specifically state
    >secure, neither do they on the servers that this works fine on.
    >
    >I am sure I am forgetting something stupid, just have not been able to google
    >anything that is pointing me in the right direction. most puzzling is that the
    >same setup works fine for the other installs (albeit that I can also log in as
    >root using password, which I would like to secure later)
    >
    >Thanks
    >
    >Dave
    >
    >debug from SSH session (and no, df -k is not the command that requires root)

    <clipped, see previous message>

    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
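The thread's sshd_config has "StrictModes yes" together with "RSAAuthentication yes" and "PubkeyAuthentication yes". With StrictModes, sshd silently ignores ~root/.ssh/authorized_keys if the home directory, the .ssh directory or the file itself is owned by someone else or is group/world writable, and at the default LogLevel INFO the only symptom is exactly what the poster sees: the key is skipped and the client falls back to password. A second thing that produces the same symptom is a key-type mismatch: a client whose ssh cannot do protocol 1 will never match a protocol-1 RSA1 line in authorized_keys. The script below is an added example, not from the thread or from FreeBSD; it audits those two preconditions for one home directory. The home directory path, the expected owner and the sample key lines in the test are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight audit of the conditions that
# make sshd skip authorized_keys under "StrictModes yes", plus a check that the
# file holds at least one protocol-2 key. Portable sh; uses only ls/cut/awk.

# ssh_perm_check PATH OWNER
#   Prints a finding and returns 1 if PATH is missing, not owned by OWNER, or
#   group/world writable; returns 0 if it passes. Matches what StrictModes
#   rejects (ownership and group/other write bits), nothing more.
ssh_perm_check() {
    p=$1; want=$2
    [ -e "$p" ] || { echo "MISSING: $p"; return 1; }
    # ls -ld gives "drwxr-xr-x  2 owner group ..."; cols 1-10 are the mode,
    # field 3 is the owner. Position 6 = group write, position 9 = other write.
    mode=$(ls -ld "$p" | cut -c1-10)
    owner=$(ls -ld "$p" | awk '{print $3}')
    rc=0
    [ "$owner" = "$want" ] || { echo "BAD: $p owned by $owner, expected $want"; rc=1; }
    case $mode in
        ?????w????|????????w?) echo "BAD: $p is group/world writable ($mode)"; rc=1 ;;
    esac
    return $rc
}

# authorized_keys_check FILE
#   Counts protocol-1 (RSA1) and protocol-2 lines. An RSA1 public key line
#   starts with the key length ("1024 35 1234..."); a protocol-2 line starts
#   with the key type ("ssh-rsa AAAA...", "ssh-dss AAAA...") or with options
#   followed by the key type. Returns 1 if there is no protocol-2 key at all,
#   since a protocol-2-only client can then never authenticate with this file.
authorized_keys_check() {
    f=$1; v1=0; v2=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) ;;                                  # blank or comment
            [0-9]*) v1=$((v1+1)) ;;                      # RSA1: "bits exp mod"
            ssh-rsa\ *|ssh-dss\ *|*\ ssh-rsa\ *|*\ ssh-dss\ *) v2=$((v2+1)) ;;
            *) bad=$((bad+1)) ;;
        esac
    done < "$f"
    echo "$f: protocol-2 keys=$v2, protocol-1 keys=$v1, unparsed=$bad"
    [ "$v2" -gt 0 ]
}

# root_key_audit HOMEDIR OWNER
#   Runs every check for one account (for root on FreeBSD that is /root).
#   Returns the number of failed checks, so 0 means "sshd should accept it".
root_key_audit() {
    h=$1; want=$2; fails=0
    for p in "$h" "$h/.ssh" "$h/.ssh/authorized_keys"; do
        ssh_perm_check "$p" "$want" || fails=$((fails+1))
    done
    if [ -f "$h/.ssh/authorized_keys" ]; then
        authorized_keys_check "$h/.ssh/authorized_keys" || fails=$((fails+1))
    fi
    return $fails
}

# Typical use on the target box (assumed path and owner):
#   root_key_audit /root root; echo "failures: $?"
```

If the audit passes and the key is still refused, the quickest way to see sshd's own reason is to start a second daemon in debug mode on a spare port and connect to it with a verbose client: `/usr/sbin/sshd -d -p 2222` on the target and `ssh -v -p 2222 root@target` from the master. The `-d` output names the file it read and the reason a key was skipped.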

