On Mon, 22 Nov 2004, Wade Chandler wrote: > Mike Burger wrote: > > On Mon, 22 Nov 2004, Jithesh wrote: > > > > > >>Hi all, > >> > >>I was able to create successful login for the root account from a remote > >>client with the help of the public key and the authorized key. But when > >>I tried to do it for a normal account it still asks for the password. > >> > >>Here is what I have done > >>1. Generated the public key in the client machine. > >>2. Copied the same into the server's normal user account's > >>~/.ssh/authorized_keys > >>3. Changed the permission to read only for the file authorized_keys > >> > >>I did the same thing for the root account and it worked but not or other > >>users. > > > > > > This may not directly answer your question, but wouldn't it be a more > > prudent move to have the users log into the remote system, and either su > > to root, or use sudo to run root level commands? Using sudo, you can A) > > log who ran what and B) not have to give out the root password. > > > I think the question is not how to run commands as root, but how to > setup key files for ssh in the .ssh directory so his users can login > without having to type anything. I really don't have the answer right > now as I have used documentation everytime I did this. I have done this > for sourceforge accounts before. Maybe the sourceforge documentation > could help you. Go to www.sourceforge.net and read the section about > developer access to a project and setting up ssh access with key files. That's the thing...it appears, really, that it specifically has to do with logging in, remotely, as root, by regular users. He specifically stated that he's done what he needs to do to get the root user to be able to ssh directly in using a key...he wants the users to be able to log in as root, using keys. Those users are still going to have to type in whatever commands they need to use, so why not save himself the potential security hassles of having root login, and use sudo (or su, if necessary)? It was just a suggestion, on my part...a way to get around it, which, in my mind, would provide better security for the process. -- Mike Burger http://www.bubbanfriends.org Visit the Dog Pound II BBS telnet://dogpound2.citadel.org or http://dogpound2.citadel.org To be notified of updates to the web site, visit http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a message to: site-update-request@xxxxxxxxxxxxxxxxx with a message of: subscribe -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
