Configuration for root logins

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I am trying to configure OpenSSH to allow root logins, without success so far. So I could really use some advice.

This is my server configuration:

AllowUsers = thomas root
AuthenticationMethods hostbased,publickey
ExposeAuthInfo = no
ForceCommand none
GSSAPIAuthentication no
HostbasedAcceptedAlgorithms ssh-ed25519
HostbasedAuthentication yes
HostbasedUsesNameFromPacketOnly yes
HostKey /etc/ssh/host_key_sarkovy.koeller.dyndns.org_ed25519
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KerberosAuthentication no
ListenAddress = 192.168.0.1
ListenAddress = fd46:1ffa:d8e0::1
LogLevel VERBOSE
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
PermitTTY yes
PermitTunnel no
PermitUserRC yes
PubkeyAuthentication yes
PubkeyAcceptedAlgorithms ssh-ed25519
UseDNS = no
X11Forwarding no

For now, the client machine is on a static IP address, just for testing using my in-house network. But later the client machines will be on dynamic IP addresses, which is why I have 'HostbasedUsesNameFromPacketOnly yes'. With this setup I can log into my regular user account 'thomas', so hostbased authentication at least seems to be configured correctly. But root logins are rejected like this:

root@htpc:~# ssh sarkovy
root@sarkovy: Permission denied (hostbased).

I created a /root/.shosts file containing

fd46:1ffa:d8e0::2 root
htpc.koeller.dyndns.org root

to no avail. Enabling debug output on both the server and the client did not produce anything hinting at the reason why logins are failing, or at least I have been unable to spot anything like that.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux