[ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)

Tim Watts tim at cliftonfarm.org
Fri Jan 13 15:57:38 EST 2012


On Fri, 2012-01-13 at 15:40 -0500, Jim Kinney wrote:
> On Fri, Jan 13, 2012 at 3:28 PM, David Tomaschik
> <david at systemoverlord.com> wrote:
>         You should have the public key in a file called authorized_keys
>         on the server side.
> 
> Yep! Easy tool is called ssh-copy-id <user>@<hostname>  will do the
> RightThing (tm) on the remote end.
> 
Does root's authorized_keys need to have my public key in order for me
to do "ssh timtw@blueberry" from root?

I can "ssh blueberry" as root using the key I gen'ed but I can't "ssh
timtw@blueberry" as root (get Permission denied (publickey)).  Same song
when I tried to "ssh-copy-id timtw@blueberry" as root.

It works when I'm timtw no problem, using my key.

> Also you will need to edit the /etc/ssh/sshd_config file and change
> 
> #PubkeyAuthentication yes
> #AuthorizedKeysFile    .ssh/authorized_keys
> 
> to
> 
> PubkeyAuthentication yes
> AuthorizedKeysFile    .ssh/authorized_keys
> 
Already had that.  I can ssh as timtw with my ssh key no problem.

> 
> For the back up process, you will want to put the key in the account
> of the backup user on the far machine (back up data storage system -
> wilma), not root user.
> 
>         
>         David
>         
>         
>         On Fri, Jan 13, 2012 at 3:06 PM, Tim Watts
>         <tim at cliftonfarm.org> wrote:
>         > OK, I did an ssh-keygen for root and managed to copy its id_rsa.pub to
>         > $host:/root/.ssh.  (I have "PasswordAuthentication no" in my sshd_config
>         > so can't use ssh-copy-id.)  On the target host it shows this:
>         >
>         > $ sudo ls -l /root/.ssh/
>         > total 8
>         > -rw-r--r-- 1 root root 396 2012-01-13 14:36 id_rsa.pub
>         > -rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts
>         >
>         > On my local machine I have this:
>         >
>         > # ls -l /root/.ssh
>         > total 12
>         > -rw------- 1 root root 1743 2012-01-13 14:25 id_rsa
>         > -rw-r--r-- 1 root root  396 2012-01-13 14:25 id_rsa.pub
>         > -rw-r--r-- 1 root root  884 2009-11-11 06:17 known_hosts
>         >
>         > The timestamp difference is due to copying it to my home before scp-ing
>         > it to the target host.
>         >
>         > And yet:
>         >
>         > # ssh timtw@blueberry
>         > Permission denied (publickey).
>         > # ssh blueberry
>         > Permission denied (publickey).
>         >
>         > My sshd_config has "PermitRootLogin yes".  What else could I be missing?
>         >
>         >
>         > On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:
>         >> root user needs to do a keygen and put the pub on wilma.
>         >>
>         >> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts <tim at cliftonfarm.org>
>         >> wrote:
>         >>         On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney wrote:
>         >>         > root on fred goes to fredbak on wilma
>         >>
>         >>
>         >>         Just to be clear: does this mean that the backup job runs as root but
>         >>         rsyncs as fredbak (via ssh key) to wilma?  As in:
>         >>
>         >>                # rsync $OPTS $SRC fredbak@$TGTHOST:$DST
>         >>
>         >>         I get an error when I try to do something similar:
>         >>
>         >>         OPTS="-az --delete-during --delete-delay -h --progress --stats"
>         >>
>         >>         # rsync $OPTS /etc /home/timtw timtw@blueberry:/home/timtw/backups/dellberry
>         >>         Permission denied (publickey).
>         >>         rsync: connection unexpectedly closed (0 bytes received so far) [sender]
>         >>         rsync error: unexplained error (code 255) at io.c(601) [sender=3.0.7]
>         >>         #
>         >>         #
>         >>
>         >>         I am able to ssh to blueberry via my ssh key when I'm timtw but not as
>         >>         root.  Is my key in the wrong place?
>         >>
>         >>
>         >>         _______________________________________________
>         >>         Ale mailing list
>         >>         Ale at ale.org
>         >>         http://mail.ale.org/mailman/listinfo/ale
>         >>         See JOBS, ANNOUNCE and SCHOOLS lists at
>         >>         http://mail.ale.org/mailman/listinfo
>         >>
>         >>
>         >>
>         >>
>         >> --
>         >> --
>         >> James P. Kinney III
>         >>
>         >> As long as the general population is passive, apathetic, diverted to
>         >> consumerism or hatred of the vulnerable, then the powerful can do as
>         >> they please, and those who survive will be left to contemplate the
>         >> outcome.
>         >> - 2011 Noam Chomsky
>         >>
>         >> http://heretothereideas.blogspot.com/
>         >>
>         >
>         >
>         
>         
>         
>         --
>         
>         David Tomaschik, RHCE, LPIC-1
>         System Administrator/Open Source Advocate
>         OpenPGP: 0x5DEA789B
>         http://systemoverlord.com
>         david at systemoverlord.com
>         
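
Added example, not part of the original thread: a small diagnostic for the "Permission denied (publickey)" situation discussed above. It reports whether a given public key is actually listed in the target account's ~/.ssh/authorized_keys (rather than merely copied into ~/.ssh as id_rsa.pub) and whether the path permissions would pass sshd's default StrictModes check. The helper names and the demo key and directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: report why sshd would not accept a public key for an account.
# check_pubkey_auth <pubkey-file> <target-account-home>   (hypothetical helper)

# True when group or others may write to the path; sshd's default
# StrictModes setting refuses keys reached through such paths.
loose_perms() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

check_pubkey_auth() {
    _pub=$1
    _home=$2
    _auth="$_home/.ssh/authorized_keys"
    # Match on "type base64-blob" only; the trailing comment is free-form.
    _blob=$(awk 'NF >= 2 {print $1 " " $2; exit}' "$_pub")
    [ -n "$_blob" ] || { echo "bad-pubkey"; return 1; }
    # A copied id_rsa.pub sitting in ~/.ssh authorizes nothing by itself.
    [ -f "$_auth" ] || { echo "no-authorized_keys"; return 1; }
    grep -qF -- "$_blob" "$_auth" || { echo "key-not-listed"; return 1; }
    for _p in "$_home" "$_home/.ssh" "$_auth"; do
        if loose_perms "$_p"; then
            echo "loose-perms:$_p"
            return 1
        fi
    done
    echo "ok"
}

# Demo on a constructed directory standing in for the target account's home.
demo() {
    _d=$(mktemp -d)
    mkdir "$_d/.ssh" && chmod 700 "$_d/.ssh"
    # Constructed key material, not a real key.
    echo "ssh-rsa AAAAB3CONSTRUCTED root@dellberry" > "$_d/.ssh/id_rsa.pub"
    check_pubkey_auth "$_d/.ssh/id_rsa.pub" "$_d" || true   # no-authorized_keys
    cat "$_d/.ssh/id_rsa.pub" >> "$_d/.ssh/authorized_keys"
    chmod 600 "$_d/.ssh/authorized_keys"
    check_pubkey_auth "$_d/.ssh/id_rsa.pub" "$_d" || true   # ok
    rm -rf "$_d"
}
demo
```

Run it on the server as a user who can read the target account's home, passing the client's public key file and the home directory of the account being logged into.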
