From owner-freebsd-questions@FreeBSD.ORG  Fri May 30 09:55:35 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1685F106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 30 May 2008 09:55:35 +0000 (UTC)
	(envelope-from jmc-freebsd@milibyte.co.uk)
Received: from fhw-relay07.plus.net (fhw-relay07.plus.net [212.159.14.215])
	by mx1.freebsd.org (Postfix) with ESMTP id C28ED8FC15
	for <freebsd-questions@freebsd.org>;
	Fri, 30 May 2008 09:55:34 +0000 (UTC)
	(envelope-from jmc-freebsd@milibyte.co.uk)
Received: from [84.92.153.232] (helo=milibyte.co.uk)
	by fhw-relay07.plus.net with esmtp (Exim) id 1K21Kd-0007FF-Qa;
	Fri, 30 May 2008 10:55:32 +0100
Received: by milibyte.co.uk with local (Exim 4.69)
	(envelope-from <jmc-freebsd@milibyte.co.uk>)
	id 1K21Kd-0000pv-6t; Fri, 30 May 2008 10:55:31 +0100
From: Mike Clarke <jmc-freebsd@milibyte.co.uk>
To: freebsd-questions@freebsd.org,
 z.szalbot@lc-words.com
Date: Fri, 30 May 2008 10:55:30 +0100
User-Agent: KMail/1.9.7
References: <483FC2E5.5040706@lc-words.com>
In-Reply-To: <483FC2E5.5040706@lc-words.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200805301055.31048.jmc-freebsd@milibyte.co.uk>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: jmc-freebsd@milibyte.co.uk
X-SA-Exim-Scanned: No (on milibyte.co.uk); SAEximRunCond expanded to false
X-Plusnet-Relay: d18b19786f911ce81ea8094f37d27fd2
Cc: 
Subject: Re: disallow remote root / allow remote root by key
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 May 2008 09:55:35 -0000

On Friday 30 May 2008, Zbigniew Szalbot wrote:

> Server - Remote root login is disallowed but I need to fetch
> snaphosts produced by rsnapshot and for this I need remote root
> access. Backup machine on a dynamic IP - connects to server using
> key-based authentication. Can this machine (and only this machine)
> log in remotely as root?

Yes, on the remote server set PermitRootLogin to "without-password" 
instead of "no" in /etc/ssh/sshd_config and append your your public key 
from the remote machine into /root/.ssh/authorized_keys.

-- 
Mike Clarke