[lug] stupid ssh config question

Stephen Kraus ub3ratl4sf00 at gmail.com
Thu Jun 15 10:14:28 MDT 2017


Always best to keep SSH behind the firewall and only accessible via LAN or
VPN.

On Thu, Jun 15, 2017 at 12:13 PM, Steven A Hart <steven.hart at colorado.edu>
wrote:

> Alan,  I have "PermitRootLogin" set to yes.  I know it's not an ideal
> thing to allow root login over ssh but there are times that I need it.  I
> have all SSH blocked from the outside world via the CU firewall so it's
> fairly safe,
>
> Steve
>
> On Thu, Jun 15, 2017 at 10:10 AM, Alan Robertson <alanr at unix.sh> wrote:
>
>>
>> Normally root is disabled to come in by SSH. I forget the option name but
>> it's something like allow root.
>> --
>>   Alan Robertson
>>   alanr at unix.sh
>>
>>
>>
>> On Thu, Jun 15, 2017, at 10:02 AM, Steven A Hart wrote:
>>
>> I feel stupid even asking this but I have not had enough coffee yet and
>> my brain does not want to see where I screwed up.
>>
>> Simle setup:  one server, one client.  I wanted to set it so that the
>> root user on the server can ssh to the client root user without a password
>> required.
>>
>> So on the server I generated the keys resulting in id_rsa and id_rsa.pub
>> being created.  I moved  id_rsa.pub to authorized_keys and copied that over
>> to the root account on the client in /root/.ssh.  Sure enough, the ssh
>> works from server to client without password.
>>
>> The problem now is that when I ssh from anywhere to the server as either
>> root or my admin account, I get:
>>
>> Permission denied (publickey).
>>
>> I know I made a stupid mistake somewhere, I just need someone to point
>> and say "look there stupid!"
>>
>> Cheers
>>
>> Steve
>>
>> --
>> Steve Hart
>> Systems Administrator
>> Colorado Center for Astrodynamics Research
>> University of Colorado Boulder
>> Steven.Hart at colorado.edu
>> (303)492-8109 <(303)%20492-8109>
>> *_______________________________________________*
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>>
>
>
> --
> Steve Hart
> Systems Administrator
> Colorado Center for Astrodynamics Research
> University of Colorado Boulder
> Steven.Hart at colorado.edu
> (303)492-8109 <(303)%20492-8109>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20170615/e67a6853/attachment.html>


More information about the LUG mailing list