Re: SSH authenticate root and nonroot user

[diego veiga embraer com br]

Better question

I had generated a key with ssh password for user root, the others users are
accessing the ssh by user and unix password, but how can i do for user root
only authenticate with the key, not with user and unix password too.

Regards,


----- Message from Stuart Sears <stuart sjsears com> on Tue, 3 Feb 2004
11:53:39 +0000 -----
                                            
      To: redhat-list redhat com            
                                            
 Subject: Re: SSH authenticate root and     
          nonroot user                      
                                            

On Tuesday 03 Feb 2004 11:41, diego veiga embraer com br wrote:
> Hi guys,
>
> I would like to configure ssh for root only authenticate with public key
> and nonroot user authenticate with user and password.
> How can I do this?
as root:
ssh-keygen -t dsa
then copy the resulting key (/root/.ssh/id_dsa.pub) to the destination
machine
as
/root/.ssh/authorised_keys

if you want to set no passphrase you may do so, but I _strongly_ recommend
you
do not. This is host-based authentication - anyone who can get access to
your
system as root can ssh without a password to any destination machine with
this key on it - lose your laptop, give up all your security.
Alternatively, set passphrases and use ssh-agent and ssh-add to manage your

keys - one password per session, keys held in memory.
incidentally, you can do this as normal users too - just create the key as
the
user you wish to ssh as...

Stuart
--
Stuart Sears RHCE/RHCX




Diego Brito Veiga
Technical Publications
Phone: +55 (12) 39274293
Fax: +55 (12) 39273342