On Mon, Jan 12, 2004 at 01:14:43PM -0500, Andres Salomon wrote:
> With "PermitRootLogin forced-commands-only" in /etc/ssh/sshd_config,
> access is not allowed. Instead, I get:
>
> [EMAIL PROTECTED]:~$ ssh [EMAIL PROTECTED] id
> socket: Address family not supported by protocol
> [EMAIL PROTECTED]'s password:
>
> In /var/log/auth.log, I get:
>
> Jan 12 13:09:34 wax sshd[31981]: ROOT LOGIN REFUSED FROM 127.0.0.1
>
> If I change sshd_config to use "PermitRootLogin without-password", it
> works fine:
>
> [EMAIL PROTECTED]:~$ ssh [EMAIL PROTECTED] id
> socket: Address family not supported by protocol
> uid=0(root) gid=0(root) groups=0(root)
>
>
> From the sshd_config manpage:
> If this option is set to ``forced-commands-only'' root login with
> public key authentication will be allowed, but only if the
> command option has been specified (which may be useful for taking
> remote backups even if root login is normally not allowed). All
> other authentication methods are disabled for root.

So do you have a command= option for the relevant key in
~root/.authorized_keys? I think not, since your transcript above
indicates that you're using password authentication, and the man page
explicitly says "root login with public key authentication will be
allowed [with the command option, and nothing else]".

The authorized_keys file format is described in sshd(8).

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]
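
An added example, not part of the message above: a small audit of root's authorized_keys text that reports which keys carry a `command=` option, which is what the quoted man page requires for root logins under `PermitRootLogin forced-commands-only`. The function names and the sample file are constructed for illustration, and only protocol-2 key types are recognised.

```python
import re

# Assumption: protocol-2 key types only; any other first token is an options field.
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)\S+$")

def split_options(line):
    """Split the leading options field from the rest of an authorized_keys line."""
    opts, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and ch == "\\" and line[i + 1:i + 2] == '"':
            buf += '\\"'          # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch in ", \t":
            opts.append(buf)
            buf = ""
            if ch != ",":         # unquoted whitespace ends the options field
                break
            i += 1
            continue
        buf += ch
        i += 1
    return opts, line[i:].strip()

def root_key_report(text):
    """Return [(comment, has_command)] for every key in authorized_keys text."""
    report = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = []
        if not KEY_TYPE.match(line.split()[0]):
            opts, line = split_options(line)
        fields = line.split(None, 2)
        if len(fields) < 2:
            continue              # malformed line, skip it
        comment = fields[2] if len(fields) > 2 else ""
        has_cmd = any(o.lower().startswith("command=") for o in opts)
        report.append((comment, has_cmd))
    return report

# Constructed sample; the key material is placeholder text, not real keys.
SAMPLE = '''ssh-rsa AAAAB3PLACEHOLDER1 admin@laptop
command="/usr/local/bin/backup --mode \\"full, daily\\"",no-pty ssh-rsa AAAAB3PLACEHOLDER2 backup@host
no-port-forwarding,no-pty ssh-ed25519 AAAAC3PLACEHOLDER3 monitor@host
'''
```

Keys reported with `has_command` false are the ones sshd would refuse for root under forced-commands-only, even though they work under `without-password`.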

