setting a password less ssh connection

Mikkel L. Ellertson mikkel at infinity-ltd.com
Sat May 20 00:01:27 UTC 2006


Karl Larsen wrote:
> Mikkel L. Ellertson wrote:
>> hicham wrote:
>>  
>>> Hello
>>> I'm having trouble setting up a passwordless ssh connection between
>>> many PCs.
>>> I've found a lot on the web about exchanging public keys, but I still
>>> cannot make it passwordless.
>>>
>>> thanks
>>>
>>> hicham
>>>
>>>     
>> Are you trying to log in as root, or as a user using key pairs? I
>> would have to double check, but I don't think the default sshd
>> configuration allows root logins. I have "PermitRootLogin no" in my
>> config file. It needs to be "PermitRootLogin without-password"
>> instead. (without-password prevents root from logging in using a
>> password, but will allow it using a key pair.)
>>
>> PermitRootLogin
>>    Specifies whether root can log in using ssh(1).  The argument
>>    must be ``yes'', ``without-password'', ``forced-commands-only''
>>    or ``no''.  The default is ``yes''.
>>
>>    If this option is set to ``without-password'' password authenti-
>>    cation is disabled for root.
>>
>>    If this option is set to ``forced-commands-only'' root login with
>>    public key authentication will be allowed, but only if the
>>    command option has been specified (which may be useful for taking
>>    remote backups even if root login is normally not allowed).  All
>>    other authentication methods are disabled for root.
>>
>>    If this option is set to ``no'' root is not allowed to log in.
>>
>> Mikkel
>>   
>    I think that is the way to keep it. I log in as a trusted user and
> then use su - and give the root password and then I am root on that
> distant computer. I can do almost everything you can do on your own
> computer. That is how I keep the computer on top of the mountain happy.
> And I can sftp new software and reboot the computer. Not bad.
> 
> Karl
> 
It depends on what you need to do. If you need to run a remote
application as root from a script, you may need either
forced-commands-only or without-password along with a key pair. For
a machine that only accepts connection from the local network, the
risk may be acceptable. One case where you may need this is when you
use rsync to keep a backup machine in sync with the main machine.
You are going to need root access on both machines. Depending on
your backup setup, you may also need it for that.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
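
An added example, not part of the original message: a small shell audit that reports which PermitRootLogin mode is in effect and how many of root's keys lack a command= option, which is what separates forced-commands-only from without-password. It assumes whitespace-separated "Keyword value" lines and reads only the global section of the file; the sample files, key material and wrapper path are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes "Keyword value" lines.

# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword; $2 is the fallback when
# the keyword is absent ("yes" per the man page excerpt quoted in the thread).
effective_permit_root_login() {
    awk -v dflt="${2:-yes}" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? dflt : val) }
    ' "$1"
}

# Print how many keys in an authorized_keys file have no command= option.
# Options sit before the key type; key blobs always start with "AAAA".
keys_without_forced_command() {
    awk '
        /^[ \t]*(#|$)/ { next }
        match($0, /(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) AAAA/) {
            if (substr($0, 1, RSTART - 1) !~ /(^|,)command="/) n++
        }
        END { print n + 0 }
    ' "$1"
}

# Summarise how root can get in over ssh with this config and key file.
audit_root_login() {
    mode=$(effective_permit_root_login "$1")
    bare=$(keys_without_forced_command "$2")
    case "$mode" in
        no) echo "root login disabled" ;;
        forced-commands-only)
            echo "root: key + forced command only ($bare key(s) will be refused)" ;;
        without-password|prohibit-password)   # later name for the same mode
            echo "root: key login, no password ($bare key(s) give a full shell)" ;;
        *) echo "root: password login allowed (PermitRootLogin $mode)" ;;
    esac
}

# Constructed sample input: placeholder keys, hypothetical wrapper path.
demo=$(mktemp -d)
printf '%s\n' '# sample' 'PermitRootLogin forced-commands-only' \
    'PermitRootLogin yes' > "$demo/sshd_config"
printf '%s\n' \
    'command="/usr/local/bin/backup-wrapper",no-pty ssh-rsa AAAAB3CONSTRUCTED backup' \
    'ssh-rsa AAAAB3CONSTRUCTED admin' > "$demo/authorized_keys"
audit_root_login "$demo/sshd_config" "$demo/authorized_keys"
```

Point the functions at the real sshd_config and root's authorized_keys on the backup host to see which of the two modes discussed above actually applies there.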



