Dear Managers,
Sorry for the delay in summarizing. Three people replied with
some helpful suggestions, although no one was able to answer my basic
question (why ssh <host> <command> requires a password when invoked by
root, but not by an ordinary user, even when the appropriate public
keys are available). Thanks to:
trey_at_anvils.org (Trey Valenta)
"Brian Hostetter" <BrianH_at_dice.com>
Steve VanDevender <stevev_at_hexadecimal.uoregon.edu>
Both Trey and Steve suggested using ssh -v (turns on debugging
level 2). I actually had already done that and also tried ssh -d 5
(debugging level 5). Lots of messages, but nothing that helped.
Brian suggested that actually logging in from the server to the
remote and then back using ssh worked for him. This does exchange the
hostkeys, but unfortunately ssh <host> <command> still requires a
password when invoked as root. However, Brian's comment suggests to
me that it's a configuration problem and not an inherent bug in T64U
or SSH. I'll continue to work on this.
Steve suggested setting up the files in /.ssh2/knownhosts and
/etc/ssh2/knownhosts described in the SSH man page so that host-based
authentication would be used (it's used anyways, but by default SSH
then proceeds to public-key authentication of the username and then,
if that fails, to the password challenge I was trying to eliminate).
I wanted to retain the username authentication for a couple of reasons
so I didn't jump at this suggestion. If all else fails, I may have to
fall back to it anyways.
Original post
-------- ----
Dear Managers,
I am experiencing a problem with SSH (v2.0.13) distinct from the
one I just posted. This problem seems to apply to all machines in our
LAN.
If I type a command like this in my ordinary user account
(C2/NIS):
ssh <other machine on our LAN> hostname
ssh uses public key authentication and doesn't require me to type my
password (I have the .ssh2/identification and .ssh2/authorization
files in place) to see the output of the "hostname" command. However,
if I try this as root, I must type root's password even though the
identification and authorization files are present for root. root is
a local account on each machine, not NIS. I'm not sure if this is an
SSH or T64U problem; please pardon me if it is entirely the former.
I have checked the following:
i) sshd2 is running on the target machine.
ii) The /etc/ssh2/ssh2d_config file on the remote machine has the
PermitRootLogin option set to "yes".
iii) I have checked that the public key on my machine's root account
is identical to the public key for the remote machine's root account.
Any suggestions?
Larry
============================================================================
Larry Griffith Dept. of Computer & Info Science
larry_at_cs.wsc.ma.edu Westfield State College
(413) 572-5294 Westfield, MA 01086 USA
PGP public key available at:
http://cs.wsc.ma.edu/dcis/griffith.html
============================================================================
Received on Wed Jan 12 2000 - 15:14:20 NZDT