SSH KEY with root user doesn't work
Hello community,
I'm scratching my head over an issue with SSH KEY authorization. I have a Red Hat 5.7 installation that should log in via SSH to another machine (it's an OpenVMS OS). I already generated an SSH KEY and user "lucas" CAN log in without a password on the destination machine! Then, if I try with user "root" it always asks me for the password! The authorized_keys files of the two users are absolutely the same:
Quote:
So, why can I log in without a password with "lucas" while it asks me for a password for the "root" user? Is there any setting on Red Hat that prevents root user login with an SSH key? Please help, I'm going crazy! :(
Hi
Maybe it's just PermitRootLogin no in /etc/ssh/sshd_config?
Quote:
Code:
# cat /etc/ssh/sshd_config | grep PermitRootLogin
Wait, I discovered why it doesn't work!!!!
The connection to the "source" machine should be made DIRECTLY. If you connect to a machine, then SSH to the "source" machine, and then try SSH to the "destination" machine, it will ask for a password. Instead, if you connect directly to the "source" machine and then SSH to the "destination" machine, it works! Honestly I don't know if this behaviour is normal and why it happens! It will be much appreciated if someone can explain it to me! ;)
In a normal ssh setup it does not matter how you logged in to the "source machine" (directly/indirectly).
Question
1. What command are you using for the ssh login (please paste both commands, for the root and lucas users)?
2. Are you using the same ssh key pair for root and lucas, or do you have different SSH key pairs for each user?
PS: Although it is not the concern here, just to let you know, it is a security issue to permit root logins on machines.
Quote:
Quote:
2. Yes, same SSH keys for root and lucas users.
BTW, I also knew that the source machine doesn't matter in a "normal" SSH server config, but maybe there's something to prevent that for both users. Let me explain better what my environment is. Since I cannot reach the first machine directly, I log in first to another server (using the same SSH key) and then SSH to the final server. That operation doesn't work for both users. Instead, if I use tunneling to reach the 10.99.10.10 server directly, I'm able to log in to the final server without a password. I cannot explain this behaviour, that's why I'm just curious if someone knows.
Lucas
So the private keys on the machine in the middle may not be the same for both users. You could even use ssh-agent forwarding, then you don’t need any ssh-key on the machine in the middle at all.
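The check suggested in the last reply, as an added example that is not part of the original thread: compute the OpenSSH SHA256 fingerprint of each user's public key on the intermediate machine and see whether it matches an entry in the destination account's authorized_keys. The key material, file contents and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")

def _blob(key_type, payload):
    """Build a constructed (not real) key blob: two length-prefixed strings."""
    name = key_type.encode()
    return (struct.pack(">I", len(name)) + name +
            struct.pack(">I", len(payload)) + payload)

def fingerprint(line):
    """Return the OpenSSH-style SHA256 fingerprint of one key line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:          # skips leading options such as no-pty
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None             # key field is not valid base64
            name_len = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else -1
            if blob[4:4 + name_len] != field.encode():
                return None             # declared type and blob disagree
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def accepted(pubkey_line, authorized_keys_text):
    """True if the identity's public key appears in the authorized_keys text."""
    wanted = fingerprint(pubkey_line)
    entries = (l for l in authorized_keys_text.splitlines()
               if l.strip() and not l.lstrip().startswith("#"))
    return wanted is not None and any(fingerprint(l) == wanted for l in entries)

# Constructed sample data: two made-up ed25519 payloads, not real keys.
KEY_A = "ssh-ed25519 " + base64.b64encode(_blob("ssh-ed25519", bytes(range(32)))).decode()
KEY_B = "ssh-ed25519 " + base64.b64encode(_blob("ssh-ed25519", bytes(range(32, 64)))).decode()
LUCAS_PUB = KEY_A + " lucas@source"   # identity found in lucas's ~/.ssh
ROOT_PUB = KEY_B + " root@source"     # identity found in root's ~/.ssh
AUTHORIZED_KEYS = "# destination account\nno-pty " + KEY_A + " lucas@source\n"

if __name__ == "__main__":
    for user, pub in (("lucas", LUCAS_PUB), ("root", ROOT_PUB)):
        state = "accepted" if accepted(pub, AUTHORIZED_KEYS) else "NOT in authorized_keys"
        print(user, fingerprint(pub), state)
```

The fingerprints have the same form as those printed by `ssh-keygen -lf` for a public key file, so the result can be compared by eye with what each account on the intermediate machine reports.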