On Thu, May 25, 2000 at 11:25:18AM +0100, John Horne wrote:
> In this case ssh should be trying to access root on the local system with
> the specified key. Root has the key configured into its authorized_keys2
> file with the 'command=' option. As said, it all worked fine using protocol
> 1.
in openssh, the 'command=' syntax is not yet supporten for protocol 2.
> 1) The local systems where openssh is to be used (initially at least) have
> no users as such but are used by local computing staff. Is there anyway of
> enforcing that ssh is used for, for example, accessing the systems as root.
i don't understand what you want? why do you want to prevent the
users from login via ssh and su to root? you can restrict access
with AllowedUsers/Group, but i'm not sure if this is what you want.
> At present this is done over the local network in the clear by logging in as
> themselves and then su'ing to root - hence the password goes over the net in
> the clear. If I just disabled telnet and su then I'd probably get lynched :-)
but if telnet is used ssh becomes useless.
-markus
