[OpenIndiana-discuss] ssh root login

Roel_D openindiana at out-side.nl
Sat Jan 12 23:35:19 UTC 2013 

I still think it is like asking the other car-users for how to disable the brakes on your car...

Kind regards, 

The out-side

Op 13 jan. 2013 om 00:01 heeft Bob Friesenhahn <bfriesen at simple.dallas.tx.us> het volgende geschreven:

> I am trying to accomplish ssh root login with a forced command via an entry in /root/.ssh/authorized_keys.  This is to support my home-made backup system.  The strategy is already working for Solaris 10, Apple OS X, Linux, and FreeBSD hosts.  However, it is failing for OpenIndiana and I am having difficulty determining why.
> 
> I have this in /etc/ssh/sshd_config:
> 
> # Are root logins permitted using sshd.
> # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
> # maybe denied access by a PAM module regardless of this setting.
> # Valid options are yes, without-password, no.
> PermitRootLogin yes
> 
> Besides, 'yes', I also tried 'forced-commands-only'.  I even tried temporarily editing /etc/default/login and commenting out the CONSOLE entry.  Each time I do 'svcadm refresh svc:/network/ssh:default' and observe that a refresh entry does appear in '/var/svc/log/network-ssh:default.log'.
> 
> I am not able to successfully ssh in as 'root' using root's pass-phrase or password.  I am not able to invoke the forced command using the private key.
> 
> This is what I see on the ssh client side:
> 
> debug1: Next authentication method: publickey
> debug1: Trying public key: /.ssh/id_dsa_rsync
> debug2: we sent a publickey packet, wait for reply
> debug1: Remote: Forced command: /usr/bin/rsync --server --daemon --config=/root/.ssh/rsync.conf .
> debug1: Remote: Pty allocation disabled.
> debug1: Remote: Port forwarding disabled.
> debug1: Remote: X11 forwarding disabled.
> debug1: Remote: Agent forwarding disabled.
> debug1: Server accepts key: pkalg ssh-dss blen 530 lastkey 80a9c50 hint 0
> debug2: input_userauth_pk_ok: fp 23:58:6a:f1:77:62:aa:1b:6c:4b:25:65:7e:64:1a:9e
> debug1: read PEM private key done: type DSA
> debug1: Remote: Forced command: /usr/bin/rsync --server --daemon --config=/root/.ssh/rsync.conf .
> 
> It is seeing my forced command but it is silently rejecting the key. I am not able to find any log file information on the server side (/var/adm/messages) which would provide a hint of why the key is rejected.
> 
> Setting LogLevel to debug has no apparent effect and sshd does little logging to /var/adm/messages.  In other ssh implementations I see many log messages.
> 
> Any ideas?
> 
> Bob
> -- 
> Bob Friesenhahn
> bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
> GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
> 
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list