SSH as root with specific IP

2013-09-30 Thread John Tate
I want to be able to log in as root by SSH with a specific IP address.
This is so rsync can log in to the server easily and backup many files
owned by many different users and groups. Rather than a script on the
server logging into the server with the backups with many files and
many different users.

Can it be done?

-- 
www.johntate.org



Re: SSH as root with specific IP

2013-09-30 Thread Jay Patel
ssh -lroot youriphere -p1157

-l == login
-p == port number


On Mon, Sep 30, 2013 at 11:59 AM, John Tate j...@johntate.org wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?
>
> --
> www.johntate.org



Re: SSH as root with specific IP

2013-09-30 Thread David Coppa
On Mon, Sep 30, 2013 at 8:29 AM, John Tate j...@johntate.org wrote:
> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

man sshd_config

And look for Match blocks.



Re: SSH as root with specific IP

2013-09-30 Thread Eric Johnson
On Mon, 30 Sep 2013, John Tate wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

I assume you mean that you want the source to be from a specific IP 
address.  That is, you have more than one address on the computer and you 
want the request to be from an alias.  Is that right?  If so, try this:

ssh -b 192.168.1.201 root@192.168.1.76 

If you are connecting to a specific IP address, that is rather trivial.
Unless, of course, you do not permit logins to root.

Are you using RSA or DSA keys to do it?  If so, you can set 

PermitRootLogin without-password

in your /etc/ssh/sshd_config file.

To make the connection automagically, you can either leave the password 
blank when running ssh-keygen or use the keychain program so that you only 
have to enter the password when you bring up the machine.

There is a method whereby you can create a certificate signed with a key 
issued by a certificate authority that can restrict a connection to the 
server from one particular host.   That way, if someone else manages to 
get a copy of your host key, they will not be able to use it to connect to 
the server from their machine if their machine is not on the address list.

Disclaimer:  I've never tried using ssh certificates so you might want 
something from someone who knows more about them.

Eric Johnson



Re: SSH as root with specific IP

2013-09-30 Thread Gilles Cafedjian
On 2013-09-30 08:29, John Tate wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

You can use a Match statement in your sshd_config to allow root
connections only on a particular IP.

Also, if you use an RSA, DSA or ECDSA key, you should add it to the file
authorized_keys on the server and restrict this key to a single command
with command=...
Do not turn on PermitRootLogin without a Match statement.

See sshd(8) for the keywords you can add in your authorized_keys to
limit the root access.



Re: SSH as root with specific IP

2013-09-30 Thread Nick Holland

oops.  meant to send to list...
(this time with cheesy ASCII graphics which will probably get mauled by 
most mail clients)


On 09/30/2013 02:29 AM, John Tate wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?



been there, doing that...

ANOTHER way of doing this, you can modify your root ssh authorized_key
file so it only accepts connections from designated sites for a 
particular key:


from="1.2.3.4" ssh-rsa SZJlGKh8nrcSAG/hBi root@backup
\__new part__/ \_________usual part of key__________/

(there are lots of other nifty options here -- see man sshd)

combine that with no password logins and your goal is accomplished.

Nick.
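
The Match block, from= and command= suggestions in the replies above can be combined. The following is an added example, not code from any poster in the thread: a forced-command wrapper that lets the backup key do nothing except run rsync in read-only (sender) mode. The address 192.0.2.10, the path /usr/local/sbin/backup-only.sh, the <KEY> placeholder and the function names are assumptions.

```sh
#!/bin/sh
# Added example: forced-command wrapper for a root backup key.
# Assumed setup (address, path and key are placeholders):
#
#   sshd_config:
#     PermitRootLogin no
#     Match Address 192.0.2.10
#         PermitRootLogin forced-commands-only
#
#   /root/.ssh/authorized_keys (a single line, wrapped here for display):
#     from="192.0.2.10",command="/usr/local/sbin/backup-only.sh",no-pty,
#     no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <KEY> root@backup
#
# sshd runs this script instead of the client's request, which it
# passes in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

# Succeed only for "rsync --server --sender ..." (this host sends files,
# the backup host pulls) built from a plain character set.
allowed_command() {
    case "$1" in
        *[!A-Za-z0-9\ ./_=,-]*) return 1 ;;   # metacharacters, quotes, newlines
        "rsync --server --sender "*) ;;
        *) return 1 ;;
    esac
    # Refuse every long option except the ones a read-only pull needs,
    # e.g. --remove-source-files would delete data and --log-file writes.
    for word in $1; do
        case "$word" in
            --server|--sender|--numeric-ids) ;;
            --*) return 1 ;;
        esac
    done
    return 0
}

run_forced_command() {
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        # Safe to word-split: glob and quote characters were rejected above.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-only: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
}

# Only act when sshd supplied a client command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    run_forced_command
fi
```

Paths containing characters outside the allowed set are refused by this wrapper. The rrsync script shipped with rsync is a fuller take on the same idea.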