[ale] Getting root ssh key to work (was Re: [ot] Xmpp, ejabberd question)
David Tomaschik
david at systemoverlord.com
Fri Jan 13 15:28:38 EST 2012
You should have the public key in a file called authorized_keys on the
server side.
David
On Fri, Jan 13, 2012 at 3:06 PM, Tim Watts <tim at cliftonfarm.org> wrote:
> OK, I did an ssh-keygen for root and managed to copy its id_rsa.pub to
> $host:/root/.ssh. (I have "PasswordAuthentication no" in my sshd_config
> so can't use ssh-copy-id.) On the target host it shows this:
>
> $ sudo ls -l /root/.ssh/
> total 8
> -rw-r--r-- 1 root root 396 2012-01-13 14:36 id_rsa.pub
> -rw-r--r-- 1 root root 884 2010-11-28 13:36 known_hosts
>
> On my local machine I have this:
>
> # ls -l /root/.ssh
> total 12
> -rw------- 1 root root 1743 2012-01-13 14:25 id_rsa
> -rw-r--r-- 1 root root 396 2012-01-13 14:25 id_rsa.pub
> -rw-r--r-- 1 root root 884 2009-11-11 06:17 known_hosts
>
> The timestamp difference is due to copying it to my home before scp-ing
> it to the target host.
>
> And yet:
>
> # ssh timtw at blueberry
> Permission denied (publickey).
> # ssh blueberry
> Permission denied (publickey).
>
> My sshd_config has "PermitRootLogin yes". What else could I be missing?
>
>
> On Fri, 2012-01-13 at 13:56 -0500, Jim Kinney wrote:
>> root user needs to do a keygen and put the pub on wilma.
>>
>> On Fri, Jan 13, 2012 at 1:40 PM, Tim Watts <tim at cliftonfarm.org>
>> wrote:
>> On Fri, 2012-01-13 at 11:51 -0500, Jim Kinney wrote:
>> > root on fred goes to fredbak on wilma
>>
>>
>> Just to be clear: does this mean that the backup job runs as
>> root but
>> rsyncs as fredbak (via ssh key) to wilma? As in:
>>
>> # rsync $OPTS $SRC fredbak@$TGTHOST:$DST
>>
>> I get an error when I try to do something similar:
>>
>> OPTS="-az --delete-during --delete-delay -h --progress
>> --stats"
>>
>> # rsync $OPTS /etc /home/timtw
>> timtw at blueberry:/home/timtw/backups/dellberry
>> Permission denied (publickey).
>> rsync: connection unexpectedly closed (0 bytes received so
>> far) [sender]
>> rsync error: unexplained error (code 255) at io.c(601)
>> [sender=3.0.7]
>> #
>>
>> I am able to ssh to blueberry via my ssh key when I'm timtw
>> but not as
>> root. Is my key in the wrong place?
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>>
>>
>> --
>> --
>> James P. Kinney III
>>
>> As long as the general population is passive, apathetic, diverted to
>> consumerism or hatred of the vulnerable, then the powerful can do as
>> they please, and those who survive will be left to contemplate the
>> outcome.
>> - 2011 Noam Chomsky
>>
>> http://heretothereideas.blogspot.com/
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
More information about the Ale
mailing list