Date: Fri, 1 Jun 2001 13:46:30 -0700 (PDT) From: Archie Cobbs <archie@packetdesign.com> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/27821: can't do RSA login via ssh to root account Message-ID: <200106012046.f51KkUE41863@bubba.packetdesign.com>
next in thread | raw e-mail | index | archive | help
>Number: 27821 >Category: bin >Synopsis: can't do RSA login via ssh to root account >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jun 01 13:50:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Archie Cobbs >Release: FreeBSD 4.3-RELEASE i386 >Organization: Packet Design >Environment: System: FreeBSD bubba.packetdesign.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Apr 26 15:28:39 PDT 2001 root@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386 >Description: Normally, when you use ssh-add to add your identity, and the remote accout you're logging into has your public key in it's ${HOME}/.ssh/authorized_keys file, you are allowed to ssh into that machine without providing a password. However, it seems that this doesn't work if the account you are trying to ssh into is "root", though it works for other normal accounts. That is, with the root account only, ssh asks you for the root password instead of just letting you login automatically (with the correct password, the login does then succeed). This is either a bug or at least a documentation omission, as it makes the "PermitRootLogin without-password" setting useless. >How-To-Repeat: Set up /root/.ssh/authorized_keys with your public key on machine A and try to ssh root@A from machine B after adding your public identity via ssh-agent and ssh-add. Of course, machine B needs "PermitRootLogin yes" in /etc/ssh/sshd_config. Both machines are FreeBSD 4.3. >Fix: None. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106012046.f51KkUE41863>