Sshd Allow root to Authenticate with Passwordless Public Key

From NovaOrdis Knowledge Base
Revision as of 21:37, 2 July 2017 by Ovidiu (talk | contribs) (→‎Overview)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Internal

Overview

'root' is allowed to authenticate against the sshd server with a passwordless public key if its "authorized_keys" is set up as described here and the sshd server permits root login in general via the PermitRootLogin configuration directive, unless SELinux is being enforced on the host. If SELinux is being enforced, an attempt to authenticate using a passwordless public key generates the following entry in the sshd server log (in debug mode):

Could not open authorized keys '/root/.ssh/authorized_keys': Permission denied

and the 'root' will be denied access unless it provides the password.

Turning the SELinux to permissive mode will allow the root to log in, but disabling SELinux is usually this is not a good idea.