Date: Wed, 20 Jan 2010 23:09:14 -0500 From: Steve Bertrand <steve@ibctech.ca> To: "Aryeh M. Friedman" <aryeh.friedman@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: ssh to root Message-ID: <4B57D36A.3010303@ibctech.ca> In-Reply-To: <4B57CEB5.2050001@gmail.com> References: <4B57CE44.9060404@gmail.com> <4B57CEB5.2050001@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Aryeh M. Friedman wrote: > I need to set up a machine so that I can type "ssh [host]" as root from > some other host and I get a prompt with super user privs... I already > have set this up for user@host for root and ssh host for normal users... > but root still asks for a password after I set the authorized_keys file > in ~root/.ssh.. I have looked at ssh_config(5) but can't tell what > option (if any) does this... if anyone is coruious the final goal here > is to set up a sysutils/fusefs-ssh for this host (already installed and > working for normal users but want to make it so it is done as root) Don't do it. *never* permit root-level access directly to *any* of your equipment. You want to provide as many levels of escalation to root level as you can, no matter what protocol you are using. Auth in as a normal user (as you stated is already working), and then use sudo(8) to escalate yourself. If you can already "ssh [host]" as a normal user, then you already have the concept of keys. You can automate the escalation after you've authenticated, and then do what you want to do. Seriously... ...don't do it. Steve ps. # pkg_add -r sudo # rehash # man sudo Then, when/if you have problems with specific functions that need root privileges, ask those questions here instead.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B57D36A.3010303>