setting a password less ssh connection

Karl Larsen k5di at zianet.com
Sat May 20 01:45:03 UTC 2006 

Mikkel L. Ellertson wrote:
> Karl Larsen wrote:
>   
>> Mikkel L. Ellertson wrote:
>>     
>>> hicham wrote:
>>>  
>>>       
>>>> Hello
>>>> I'm having trouble to set a passwordless ssh connection between many
>>>> pcs ,
>>>> I've found lot on the web about exchanging public keys but i still
>>>> cannot make it password less
>>>>
>>>> thanks
>>>>
>>>> hicham
>>>>
>>>>     
>>>>         
>>> Are you trying to log in as root, or as a user using key pairs? I
>>> would have to double check, but I don't think the default sshd
>>> configuration allows root logins. I have "PermitRootLogin no" in my
>>> config file. It needs to be "PermitRootLogin without-password"
>>> instead. (without-password prevents root from logging in using a
>>> password, but will allow it using a key pair.)
>>>
>>> PermitRootLogin
>>>    Specifies whether root can log in using ssh(1).  The argument
>>>    must be ``yes'', ``without-password'', ``forced-commands-only''
>>>    or ``no''.  The default is ``yes''.
>>>
>>>    If this option is set to ``without-password'' password authenti-
>>>    cation is disabled for root.
>>>
>>>    If this option is set to ``forced-commands-only'' root login with
>>>    public key authentication will be allowed, but only if the
>>>    command option has been specified (which may be useful for taking
>>>    remote backups even if root login is normally not allowed).  All
>>>    other authentication methods are disabled for root.
>>>
>>>    If this option is set to ``no'' root is not allowed to log in.
>>>
>>> Mikkel
>>>   
>>>       
>>    I think that is the way to keep it. I log in as a trusted user and
>> then use su - and give the root password and then I am root on that
>> distant computer. I can do almost everything you can do on your own
>> computer. That is how I keep the computer on top of the mountain happy.
>> And I can sftp new software and reboot the computer. Not bad.
>>
>> Karl
>>
>>     
> It depends on what you need to do. If you need to run a remote
> application as root from a script, you may need ether
> forced-commands-only or without-password along with a key pair. For
> a machine that only accepts connection from the local network, the
> risk may be acceptable. One case where you may need this is when you
> use rsync to keep a backup machine in sync with the main machine.
> You are going to need root access on both machines. Depending on
> your backup setup, you may also need it for that.
>
> Mikkel
>   
    YES! I do use rsync and backup is to a third machine. That rsync is 
a remarkable software. I recall first finding that and it's a jewel. 
There is nothing like in Windows.

Karl

More information about the fedora-list mailing list