From: Steve Bertrand
Date: Wed, 20 Jan 2010 23:09:14 -0500
To: "Aryeh M. Friedman"
Cc: freebsd-questions@freebsd.org
Subject: Re: ssh to root
Message-ID: <4B57D36A.3010303@ibctech.ca>
In-Reply-To: <4B57CEB5.2050001@gmail.com>
References: <4B57CE44.9060404@gmail.com> <4B57CEB5.2050001@gmail.com>

Aryeh M. Friedman wrote:
> I need to set up a machine so that I can type "ssh [host]" as root from
> some other host and I get a prompt with super user privs... I already
> have set this up for user@host for root and ssh host for normal users...
> but root still asks for a password after I set the authorized_keys file
> in ~root/.ssh.. I have looked at ssh_config(5) but can't tell what
> option (if any) does this...
>
> if anyone is curious the final goal here
> is to set up a sysutils/fusefs-ssh for this host (already installed and
> working for normal users but want to make it so it is done as root)

Don't do it.

*never* permit root-level access directly to *any* of your equipment. You
want to provide as many levels of escalation to root level as you can,
no matter what protocol you are using.

Auth in as a normal user (as you stated is already working), and then
use sudo(8) to escalate yourself.

If you can already "ssh [host]" as a normal user, then you already have
the concept of keys. You can automate the escalation after you've
authenticated, and then do what you want to do.

Seriously...

...don't do it.

Steve

ps.

# pkg_add -r sudo
# rehash
# man sudo

Then, when/if you have problems with specific functions that need root
privileges, ask those questions here instead.
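
A check for the policy recommended in the reply above, as an added example that is not part of the original message: it audits an sshd_config file for the real `PermitRootLogin` keyword, including Match blocks that re-enable root login. The function name `audit_root_login` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for direct root login.
# Limitation: Include directives are not followed.

audit_root_login() {
    # $1: path to sshd_config. Prints a summary; returns 0 only if the global
    # PermitRootLogin is "no" and no Match block re-enables it.
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept "Key=value" as well
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])   # keywords are case-insensitive
        }
        key == "match" { in_match = 1; next }    # global section ends here
        key != "permitrootlogin" || n < 2 { next }
        !in_match && global == "" { global = val }   # first global value wins
        in_match && val != "no" { override = 1 }
        END {
            if (global == "") global = "unset"
            print "global=" global " match_override=" (override ? "yes" : "no")
            exit !(global == "no" && !override)
        }
    ' "$1"
}

demo() {
    # Constructed sample: looks locked down, but a Match block lets root in with keys.
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sshd_config for illustration
permitrootlogin no
PasswordAuthentication no
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
EOF
    audit_root_login "$tmp" || echo "FAIL: direct root login is possible"
    rm -f "$tmp"
}

demo
```

On a live host, `sshd -T` prints the effective configuration after defaults and includes are applied, which covers the cases this file-level check cannot see.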