From owner-freebsd-questions@FreeBSD.ORG  Wed Jan 24 22:05:33 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D933016A405
	for <freebsd-questions@freebsd.org>;
	Wed, 24 Jan 2007 22:05:33 +0000 (UTC) (envelope-from matt@frii.com)
Received: from mail.frii.com (phobos01.frii.com [216.17.128.161])
	by mx1.freebsd.org (Postfix) with ESMTP id BFCAC13C441
	for <freebsd-questions@freebsd.org>;
	Wed, 24 Jan 2007 22:05:33 +0000 (UTC) (envelope-from matt@frii.com)
Received: from elara.frii.com (elara.frii.com [216.17.128.39])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.frii.com (FRII) with ESMTP id 3F050AE1C0
	for <freebsd-questions@freebsd.org>;
	Wed, 24 Jan 2007 15:05:33 -0700 (MST)
Date: Wed, 24 Jan 2007 15:05:33 -0700 (MST)
From: Matt Ruzicka <matt@frii.com>
X-X-Sender: mattr@elara.frii.com
To: freebsd-questions@freebsd.org
In-Reply-To: <45B7DFB5.2040108@charter.net>
Message-ID: <Pine.BSF.4.64.0701241500490.31475@elara.frii.com>
References: <45B7DFB5.2040108@charter.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: Re: **questions** ssh w/ rsa certs not working
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jan 2007 22:05:33 -0000

On Wed, 24 Jan 2007, Gabriel Rossetti wrote:

> The user needing to log in is root (I know this is not good and turned off by 
> default), so I re-enabled root login with ssh but like I said above, I get a 
> password
> prompt when I do : ssh -l root machine2 whoami


Not sure if there is more going on as well, but you might want to set 
PermitRootLogin without-password in your sshd_config on the server you are 
trying to access.  This /should/ give you a bit more security in that 
someone won't be able to brute force your root password if I understand 
it, but will allow you to login using the sshd keys (if they are set up 
properly).  Might also check file and directory perms on .ssh and the 
different key and authorized_keys2 files involved if you haven't already, 
seems perms often bite me..

Matt Ruzicka - Senior Systems Administrator
FRII
970-212-0728  matt@frii.net