On 3/8/06, Brian Henning <[EMAIL PROTECTED]> wrote:
> Can you specify an alternate port? Run a separate instance of SSHD on a
> nonstandard port, configured to allow root login and firewalled (or
> tcpwrappered) to only allow connections from the one machine, maybe?
>
> Would take some trickery with startup scripts, but I bet it could be
> done, if esxranger will let you specify the port.
>
> ~Brian
>
>
> Blackburn, Marvin wrote:
> > it's esxranger, the ability to log on as an alternate user and su to root
> > doesn't work -- bug.
> > so I need to allow root from a to b but only from a to b
> >
> >
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] On Behalf Of Rick DeNatale
> >>Sent: Wednesday, March 08, 2006 5:04 PM
> >>To: Triangle Linux Users Group discussion list
> >>Subject: Re: [TriLUG] sshd question
> >>
> >>On 3/8/06, Blackburn, Marvin <[EMAIL PROTECTED]> wrote:
> >>
> >>>Unfortunately, this won't work -- it has to be root
> >>
> >>Does it have to use password authorization? Another option is to use
> >>key pairs.
> >>
> >>You can also force the command that gets executed by putting the
> >>command into the .ssh/authorized_keys file in root's home directory.
> >>It's a little tricky but you can execute a script which "wraps" the
> >>command being executed by the ssh client.
> >>
> >>But why does it HAVE to be root, is the user not configurable? What's
> >>the application?
> >>
> >>--
> >>Rick DeNatale
> >>
> >>Visit the Project Mercury Wiki Site
> >>http://www.mercuryspacecraft.com/
> >>--
> >>TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> >>TriLUG Organizational FAQ : http://trilug.org/faq/
> >>TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >>
> >
>
> --
> ----------------
> Brian A. Henning
> strutmasters.com
> 336.597.2397x238
> ----------------

Actually, this is rather simple if you can use ssh keys.

Generate a key on box A. Put the public key in the authorized_keys file
in .ssh on box B. Then change the line in sshd_config to:

    PermitRootLogin without-password

That option allows root logins via ssh with a key. You will not be able
to log in over ssh as root with a password, though it will not inhibit
the ability to ssh in as a regular user with a password and su to root.

Hope that is helpful.
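
Added example, not part of the original thread: a sketch that combines the key-only root login from the reply above with the "wrapper" forced command Rick DeNatale describes, and pins the key to box A with the authorized_keys from= option. The address 192.0.2.10, the key blob, and the root-wrap and backup-snapshot paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example; all values are constructed: 192.0.2.10 stands for box A,
# the key blob is a placeholder, root-wrap and backup-snapshot are hypothetical.
#
# sshd_config on box B (both are real PermitRootLogin values):
#   PermitRootLogin without-password      # keys only, as in the reply above
#   PermitRootLogin forced-commands-only  # stricter: key must carry command=

# Print the entry for /root/.ssh/authorized_keys on box B.
#   $1 = address of box A   $2 = forced command   $3 = box A's public key
restricted_key_line() {
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,' "$1" "$2"
    printf 'no-agent-forwarding,no-X11-forwarding %s\n' "$3"
}

# Return 0 only if the client's requested command ($1) is the one permitted
# program followed by exactly one plain argument.
wrap_allowed() {
    prog=${1%% *}          # first word
    arg=${1#"$prog"}       # remainder
    arg=${arg# }
    case $prog in
        /usr/local/sbin/backup-snapshot) ;;
        *) return 1 ;;     # also rejects an empty request (interactive shell)
    esac
    case $arg in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;  # no options, spaces or shell syntax
    esac
    return 0
}

# Entry point when sshd runs this script as the forced command. sshd sets
# SSH_ORIGINAL_COMMAND to what the client asked for and SSH_CONNECTION to
# "client_ip client_port server_ip server_port".
wrap_main() {
    if wrap_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # Unquoted on purpose: already validated as two glob-free words.
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -p auth.warning -t root-wrap "denied request from ${SSH_CONNECTION%% *}"
    echo 'root-wrap: command not permitted' >&2
    exit 1
}

if [ "${1:-}" = "--wrap" ]; then
    wrap_main
fi
```

With from= in place, the key is refused from any host other than box A even if the private key is copied elsewhere, and the wrapper limits what that key can run as root.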
