SSH w/ root and keypair authentication problem
I'm trying to create a backup script that will, when run, connect to
another computer, and rsync all of its partitions into the local computer.
In order to be able to rsync properly and copy all the files, the user
logging in must be root. However, this poses a problem, as
PermitRootLogin was "no" in sshd_config. So here is how I went about
trying to solve the problem.
First, some names. The source computer is called "dh3". The target
computer is "dh2".
On dh2, I ran:
ssh-keygen -t rsa1
ssh-keygen -t rsa
ssh-keygen -t dsa
I chose the default values for all three, so I have 3 key files in
/root/.ssh/, id_rsa, id_dsa, and identity, each with a corresponding
.pub file. For each key, I chose an empty passphrase.
Then, I copied the .pub files to dh3, and concatenated them all into
The authorized_keys file contains the three public keys, delimited by
Here are the contents of sshd_config on dh3:
dh3:~/.ssh# cat /etc/ssh/sshd_config
# Package generated configuration file
# See the sshd(8) manpage for defails
# What ports, IPs and protocols we listen for
# Use these options to restrict which interfaces/protocols sshd will bind to
# HostKeys for protocol version 2
# HostKey for protocol version 1
# Lifetime and size of ephemeral version 1 server key
# rhosts authentication should not be used
# Don't read the user's ~/.rhosts and ~/.shosts files
# For this to work you will also need host keys in /etc/ssh_known_hosts
# similar for protocol version 2
# Uncomment if you don't trust ~/.ssh/known_hosts for
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# Uncomment to disable s/key passwords
# To disable tunneled clear text passwords, change to no here!
# Use PAM authentication via keyboard-interactive so PAM modules can
# properly interface with the user
# To change Kerberos options
# Kerberos TGT Passing does only work with the AFS kaserver
Subsystem sftp /usr/lib/sftp-server
Note the use of PermitRootLogin forced-commands-only which should allow
me to ssh in as root, using my keys, as long as I run a command afterwards.
The actual command being run on dh2 (as root) is something to the effect of:
ssh dh3.doggus.com rsync .....
Doing that, or substituting any command instead of rsync, results in dh3
asking me for a password for root@dh3. With the various -v options, more
information is displayed, but I can't really understand any of it.
Why isn't this keypair scheme working?
1) dh2 is behind a router, whereas dh3 is not. Not sure how this would
2) The format of authorized_keys on dh3 is incorrect somehow.
Any ideas would be greatly appreciated. Thanks!
PS: I'm not subscribed to debian-user, so please reply directly back to me.
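
Added example, not part of the original post: per sshd_config(5), PermitRootLogin forced-commands-only accepts a root public key only when its authorized_keys line carries a command="..." option, and StrictModes makes sshd ignore a key file that group or others can write to. The POSIX sh function below checks a file for both conditions and for lines that are not complete keys. The names check_authorized_keys and demo, the wrapper path and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an authorized_keys file for the two sshd checks named
# in the lead-in. Prints one finding per problem; returns 0 if none found.
check_authorized_keys() {
    file=$1; bad=0; n=0
    # StrictModes: sshd ignores key files that group or others can write to.
    perm=$(ls -ld "$file" 2>/dev/null) || { echo "cannot read $file"; return 2; }
    case $perm in
        ?????w*|????????w*) echo "file is group/world writable"; bad=1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Match order: blank/comment, key with command="...", key without it, other.
        case $line in
            ''|'#'*) ;;
            *command=\"*\"*\ ssh-rsa\ ?*|*command=\"*\"*\ ssh-dss\ ?*) ;;
            *command=\"*\"*\ [0-9]*\ [0-9]*\ [0-9]*) ;;
            ssh-rsa\ ?*|ssh-dss\ ?*|*\ ssh-rsa\ ?*|*\ ssh-dss\ ?*|[0-9]*\ [0-9]*\ [0-9]*)
                echo "line $n: key has no command= option"; bad=1 ;;
            *)
                echo "line $n: not a complete key line (wrapped or truncated?)"; bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample: shortened fake keys; the wrapper path is hypothetical.
demo() {
    tmp=$(mktemp) || return 2
    chmod 600 "$tmp"
    cat > "$tmp" <<'EOF'
command="/usr/local/bin/backup-rsync",no-pty ssh-rsa AAAAB3NzaC1yc2Econstructed root@dh2
ssh-dss AAAAB3NzaC1kc3Mconstructed root@dh2
1024 35 1234567890 root@dh2
AAAAB3NzaC1yc2EwrappedFragmentOfAKey
EOF
    check_authorized_keys "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return $rc
}
demo || true
```

On the server the function would be pointed at /root/.ssh/authorized_keys; the sample flags lines 2 and 3 as lacking command= and line 4 as a wrapped fragment.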