These are all great ideas; however, the application has to be able to log in (with a password) to box b. Unfortunately, I'm not looking for a workaround. I've got to be able to allow this. What I want to do, though, is only allow that functionality between box a and b.
These are all great ideas, but they don't match what I'm trying to do.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of paul
> Sent: Wednesday, March 08, 2006 10:21 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] sshd question
>
> On 3/8/06, Brian Henning <[EMAIL PROTECTED]> wrote:
> > Can you specify an alternate port? Run a separate instance of SSHD on a
> > nonstandard port, configured to allow root login and firewalled (or
> > tcpwrappered) to only allow connections from the one machine, maybe?
> >
> > Would take some trickery with startup scripts, but I bet it could be
> > done, if esxranger will let you specify the port.
> >
> > ~Brian
> >
> >
> > Blackburn, Marvin wrote:
> > > it's esxranger, the ability to log on as an alternate user and su to root
> > > doesn't work -- bug.
> > > so I need to allow root from a to b but only from a to b
> > >
> > >
> > >>-----Original Message-----
> > >>From: [EMAIL PROTECTED]
> > >>[mailto:[EMAIL PROTECTED] On Behalf Of Rick DeNatale
> > >>Sent: Wednesday, March 08, 2006 5:04 PM
> > >>To: Triangle Linux Users Group discussion list
> > >>Subject: Re: [TriLUG] sshd question
> > >>
> > >>On 3/8/06, Blackburn, Marvin <[EMAIL PROTECTED]> wrote:
> > >>
> > >>>Unfortunately, this won't work -- it has to be root
> > >>
> > >>Does it have to use password authorization? Another option is to use
> > >>key pairs.
> > >>
> > >>You can also force the command that gets executed by putting the
> > >>command into the .ssh/authorized_keys file in root's home directory.
> > >>It's a little tricky but you can execute a script which "wraps" the
> > >>command being executed by the ssh client.
> > >>
> > >>But why does it HAVE to be root, is the user not configurable? What's
> > >>the application?
> > >>
> > >>--
> > >>Rick DeNatale
> > >>
> > >>Visit the Project Mercury Wiki Site
> > >>http://www.mercuryspacecraft.com/
> > >>--
> > >>TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> > >>TriLUG Organizational FAQ : http://trilug.org/faq/
> > >>TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >>
> > >
> >
> > --
> > ----------------
> > Brian A. Henning
> > strutmasters.com
> > 336.597.2397x238
> > ----------------
> >
>
> Actually, this is rather simple if you can use ssh keys. Generate a
> key on box A. Put the public key in the authorized_keys file in .ssh
> on box B. Then change the line in sshd_config to:
>
> PermitRootLogin without-password
>
> That option allows root logins via ssh with a key. You will not be
> able to log in over ssh as root with a password, though it will not
> inhibit the ability to ssh in as a regular user with a password and su
> to root.
>
> Hope that is helpful.
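An added example, not part of the original thread: one way to express the restriction asked about above (root password login to box B permitted only from box A) in sshd_config on box B. It assumes an OpenSSH version whose sshd_config supports `Match` blocks containing `PermitRootLogin`, and 192.0.2.10 is a placeholder for box A's address.

```conf
# /etc/ssh/sshd_config on box B (added example; the address is a placeholder)

# Global default: root may not log in over SSH from anywhere.
PermitRootLogin no

# Regular users keep password logins, as in the thread.
PasswordAuthentication yes

# Match blocks must come after all global settings: everything below a
# Match line applies only to connections that satisfy it, up to the next
# Match line or the end of the file.

# Connections whose source address is box A: allow root, including
# with a password, which is what the application requires.
Match Address 192.0.2.10
    PermitRootLogin yes
    PasswordAuthentication yes
```

Running `sshd -t` checks the file for syntax errors before a restart, and `sshd -T -C user=root,host=boxa,addr=192.0.2.10` (with `boxa` also a placeholder) prints the effective settings for a connection from that address.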
