Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Jun 2001 13:46:30 -0700 (PDT)
From:      Archie Cobbs <archie@packetdesign.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/27821: can't do RSA login via ssh to root account
Message-ID:  <200106012046.f51KkUE41863@bubba.packetdesign.com>
next in thread | raw e-mail | index | archive | help 

>Number:         27821
>Category:       bin
>Synopsis:       can't do RSA login via ssh to root account
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 01 13:50:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Archie Cobbs
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
Packet Design
>Environment:
System: FreeBSD bubba.packetdesign.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Apr 26 15:28:39 PDT 2001 root@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386


>Description:

	Normally, when you use ssh-add to add your identity, and
	the remote accout you're logging into has your public key
	in it's ${HOME}/.ssh/authorized_keys file, you are allowed
	to ssh into that machine without providing a password.

	However, it seems that this doesn't work if the account you
	are trying to ssh into is "root", though it works for other
	normal accounts. That is, with the root account only, ssh
	asks you for the root password instead of just letting you
	login automatically (with the correct password, the login
	does then succeed).

	This is either a bug or at least a documentation omission,
	as it makes the "PermitRootLogin without-password" setting
	useless.

>How-To-Repeat:

	Set up /root/.ssh/authorized_keys with your public key on
	machine A and try to ssh root@A from machine B after adding
	your public identity via ssh-agent and ssh-add.

	Of course, machine B needs "PermitRootLogin yes" in
	/etc/ssh/sshd_config.

	Both machines are FreeBSD 4.3.

>Fix:

	None.


>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106012046.f51KkUE41863>