Re: Peculiar problem with root login
Tom Dial <tddial@comcast.net> writes:
[...]
>From Harry's settings:
>> LoginGraceTime 120
>> PermitRootLogin without-password
Tom D wrote:
> This will prevent root login using a password. Only other methods, such
> as RSA authentication are to be permitted.
That turned out to be exactly the problem.
Somewhere amongst my fiddling, weeks ago now. I must have uncommented
that or something like.
[...]
>From Harry's settings:
>> PermitRootLogin yes
> This may or may not be effective owing the the above setting of
> "PermitRootLogin without-password" depending on how sshd treats
> duplicate setting. My (jessie) man page does not say whether the first
> or last setting will be effective.
I guess we may assume it goes by the first since
'PermitRootLogin yes'
was the very last line of my config.
[...]
David Christensen <dpchrist@holgerdanske.com> writes:
[...]
>> ChallengeResponseAuthentication no
>> PasswordAuthentication yes
>
> I use:
>
> PasswordAuthentication no
>
>
> This requires all users to have their remote user public keys entered
> into their authorized_keys files to log in from those remote hosts.
>
>
>> X11Forwarding yes
>> X11DisplayOffset 10
>> PrintMotd no
>> PrintLastLog yes
>> TCPKeepAlive yes
>> AcceptEnv LANG LC_*
>> Subsystem sftp /usr/lib/openssh/sftp-server
>> UsePAM yes
>> PermitRootLogin yes
>
> This conflicts with the above setting (which is what I use):
>
> PermitRootLogin without-password
Yup, that was the problem
Thank you both for the excellent input.. (snipped in this response but
kept on hand for future reference..)
Reply to: