Sshd Allow root to Authenticate with Passwordless Public Key

From NovaOrdis Knowledge Base
Latest revision as of 21:37, 2 July 2017

Internal

Overview

'root' can authenticate against the sshd server with a passwordless public key if its "authorized_keys" file is set up as described here and the sshd server permits root login in general via the PermitRootLogin configuration directive, unless SELinux is being enforced on the host. If SELinux is being enforced, an attempt to authenticate using a passwordless public key generates the following entry in the sshd server log (in debug mode):

Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied

and 'root' is denied access unless it provides the password.

Switching SELinux to permissive mode will allow root to log in, but disabling SELinux is usually not a good idea.
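
Instead of leaving enforcing mode, the key file's SELinux label can be checked and restored. The script below is an added example, not part of the original page. It assumes the targeted policy, where content under /root/.ssh is expected to carry the ssh_home_t type, and that a wrong label is what causes the denial; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page). Assumes the targeted policy,
# where content under ~/.ssh is expected to carry the ssh_home_t type.
EXPECTED_TYPE="ssh_home_t"

# Print the type field of an SELinux context "user:role:type:level".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# If a log line is the sshd failure quoted above, print the key file path.
denied_keys_path() {
    printf '%s\n' "$1" | sed -n \
        "s/.*Could not open authorized keys '\([^']*\)': Permission denied.*/\1/p"
}

# Map (getenforce output, file context) to: ok | relabel | not-enforcing
verdict() {
    [ "$1" = "Enforcing" ] || { echo "not-enforcing"; return 0; }
    if [ "$(context_type "$2")" = "$EXPECTED_TYPE" ]; then
        echo "ok"
    else
        echo "relabel"
    fi
}

# Live check on the sshd host; changes nothing, only prints the next step.
triage() {
    path=${1:-/root/.ssh/authorized_keys}
    command -v getenforce >/dev/null 2>&1 || { echo "no SELinux tools"; return 0; }
    ctx=$(stat -c %C "$path" 2>/dev/null)
    case $(verdict "$(getenforce)" "$ctx") in
        relabel) echo "$path has context '$ctx'; run: restorecon -R -v ${path%/*}" ;;
        ok)      echo "label is correct; check: ausearch -m avc -ts recent" ;;
        *)       echo "SELinux is not enforcing; it is not blocking the key" ;;
    esac
}

# Constructed sample line in the shape of the log entry quoted above.
sample="debug1: Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied"
if [ "${1:-}" = "--live" ]; then
    triage "$(denied_keys_path "$sample")"
fi
```

Run it with --live as root on the sshd host; it only reports, and the restorecon command it suggests is left for the administrator to run.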