I am trying to accomplish ssh root login with a forced command via an entry in /root/.ssh/authorized_keys. This is to support my home-made backup system. The strategy is already working for Solaris 10, Apple OS X, Linux, and FreeBSD hosts. However, it is failing for OpenIndiana and I am having difficulty determining why.

I have this in /etc/ssh/sshd_config:

# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes

Besides 'yes', I also tried 'forced-commands-only'. I even tried temporarily editing /etc/default/login and commenting out the CONSOLE entry. Each time I do 'svcadm refresh svc:/network/ssh:default' and observe that a refresh entry does appear in '/var/svc/log/network-ssh:default.log'.

I am not able to successfully ssh in as 'root' using root's pass-phrase or password. I am not able to invoke the forced command using the private key.

This is what I see on the ssh client side:

debug1: Next authentication method: publickey
debug1: Trying public key: /.ssh/id_dsa_rsync
debug2: we sent a publickey packet, wait for reply
debug1: Remote: Forced command: /usr/bin/rsync --server --daemon --config=/root/.ssh/rsync.conf .
debug1: Remote: Pty allocation disabled.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Server accepts key: pkalg ssh-dss blen 530 lastkey 80a9c50 hint 0
debug2: input_userauth_pk_ok: fp 23:58:6a:f1:77:62:aa:1b:6c:4b:25:65:7e:64:1a:9e
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: /usr/bin/rsync --server --daemon --config=/root/.ssh/rsync.conf .

It is seeing my forced command but it is silently rejecting the key. I am not able to find any log file information on the server side (/var/adm/messages) which would provide a hint of why the key is rejected.

Setting LogLevel to debug has no apparent effect and sshd does little logging to /var/adm/messages. In other ssh implementations I see many log messages.

Any ideas?

Bob
--
Bob Friesenhahn
[email protected], http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
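
Added example, not part of the original post: a small audit of root's authorized_keys that reports keys lacking a forced command or the restrictions echoed in the debug output above (pty, port, X11 and agent forwarding disabled). The function names and the sample entries are assumptions made for illustration; the key blobs are placeholders.

```python
# Added example: audit authorized_keys entries for unrestricted root keys.
# Covers the common key types only; names here are illustrative.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
WANTED = {"no-pty", "no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}

# Constructed sample; AAAAEXAMPLE is a placeholder, not a real key.
SAMPLE = r'''# backup key, restricted as in the post
command="/usr/bin/rsync --server --daemon --config=/root/.ssh/rsync.conf .",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAEXAMPLE backup@client
ssh-rsa AAAAEXAMPLE admin@laptop
command="echo \"a,b\"",no-pty ssh-rsa AAAAEXAMPLE test@host
'''

def split_options(line):
    """Return (options dict, remainder) for one authorized_keys entry."""
    if line.startswith(KEY_TYPES):
        return {}, line                      # entry has no options field
    fields, buf, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and quoted and line[i + 1:i + 2] == '"':
            buf += '"'; i += 2; continue     # escaped quote inside a value
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            fields.append(buf); buf = ""     # unquoted comma ends an option
        elif c in " \t" and not quoted:
            break                            # unquoted space ends the field
        else:
            buf += c
        i += 1
    fields.append(buf)
    opts = {}
    for f in fields:
        name, _, value = f.partition("=")
        opts[name.lower()] = value           # option names are case-insensitive
    return opts, line[i:].strip()

def audit(text):
    """Return (line number, finding) pairs for risky entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        if not rest.startswith(KEY_TYPES):
            findings.append((n, "unparseable entry")); continue
        if "command" not in opts:
            findings.append((n, "no forced command: key grants a full root shell"))
        missing = sorted(WANTED - set(opts))
        if missing and "restrict" not in opts:   # 'restrict' is OpenSSH 7.2+ shorthand
            findings.append((n, "missing " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```

With 'PermitRootLogin forced-commands-only', an entry flagged as having no forced command would not be usable for root login at all, so the audit also shows which keys that setting would cut off.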
