LinuxQuestions.org


Lucas Rey 08-04-2012 03:21 AM

SSH KEY with root user doesn't work
 
Hello community,
I'm scratching my head over an issue with SSH key authorization.

I have a Red Hat 5.7 installation that should log in via SSH to another machine (it's an OpenVMS OS). I already generated an SSH key and user "lucas" CAN log in without a password on the destination machine! Then, if I try with user "root", it always asks me for the password!

The authorized_keys files between users are absolutely the same:
Quote:

-rw------- 1 lucas lucas 2803 Jul 6 2011 /home/lucas/.ssh/authorized_keys
-rw------- 1 root root 2803 Aug 4 09:35 /root/.ssh/authorized_keys
I also have another Red Hat test machine that can log in as the "root" user without problems, and I can also log in from a Windows machine without a password, both to the same destination server. So the problem isn't located on the destination.

So why can I log in without a password as "lucas" while it asks me for a password for the "root" user? Are there any settings on Red Hat that prevent root user login with an SSH key?

Please help, I'm going crazy! :(

Chirel 08-04-2012 05:00 AM

Hi

Maybe it's just PermitRootLogin no in /etc/ssh/sshd_config ?

Lucas Rey 08-04-2012 05:09 AM

Quote:

Originally Posted by Chirel (Post 4745676)
Maybe it's just PermitRootLogin no in /etc/ssh/sshd_config ?

No, PermitRootLogin is set to yes:

Code:

# cat /etc/ssh/sshd_config | grep PermitRootLogin
PermitRootLogin yes


Lucas Rey 08-04-2012 05:54 AM

Wait, I discovered why it doesn't work!!!!

Connection to the "source" machine should be done DIRECTLY. If you connect to a machine, then SSH to "source" machine, and then try SSH on the "destination" machine it will ask for password. Instead, if you connect directly to the "source" machine and then SSH the "destination" machine it works!

Honestly I don't know if this behaviour is normal and why it happens! It would be much appreciated if someone could explain it to me! ;)

KinnowGrower 08-05-2012 12:30 PM

In a normal ssh setup it does not matter how you logged in to the "source machine" (directly/indirectly).

Question 1. What command are you using for ssh login? (Please paste both commands, for the root and lucas users.)
2. Are you using the same ssh key pair for root and lucas, or do you have different SSH key pairs for each user?

PS: Although it is not the concern here, just to let you know, it is a security issue to permit root logins on machines.

deadeyes 08-06-2012 01:06 AM

Quote:

Originally Posted by Lucas Rey (Post 4745700)
Wait, I discovered why it doesn't work!!!!

Connection to the "source" machine should be done DIRECTLY. If you connect to a machine, then SSH to "source" machine, and then try SSH on the "destination" machine it will ask for password. Instead, if you connect directly to the "source" machine and then SSH the "destination" machine it works!

Honestly I don't know if this behaviour is normal and why it happens! It would be much appreciated if someone could explain it to me! ;)

To check this it might be good to use ssh -v when connecting. This will show all auth methods that are tried and if something went wrong with any of them.
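
Added example, not part of the thread: a small shell function that condenses the `ssh -v` output suggested above into one line per key and auth method, so the output from the direct hop and the indirect hop can be compared side by side. The function name, the result labels and both sample logs are constructed for illustration, and the `debug1:` line formats are assumed to match what the OpenSSH client prints.

```shell
# Added example, not from the thread. Assumes OpenSSH-style "debug1:" lines;
# exact wording varies between client versions.
# Real use on each hop: ssh -v root@10.99.10.10 2>&1 | summarize_ssh_auth
summarize_ssh_auth() {
    awk '
    /^debug1: identity file / {
        # "type -1": no public key could be loaded for this path
        print "identity " $4 " " ($NF == "-1" ? "not-loaded" : "loaded")
    }
    /^debug1: Next authentication method: / { print "method " $NF }
    /^debug1: Offering public key: /        { print "offered " $5; offered++ }
    /^debug1: Trying private key: /         { print "tried " $5 }
    /^debug1: Server accepts key/           { accepted++ }
    /^debug1: Authentication succeeded/     { ok = $NF; gsub(/[().]/, "", ok) }
    END {
        if (ok == "publickey") print "result publickey-ok"
        else if (!offered)     print "result no-public-key-offered"
        else if (!accepted)    print "result offered-but-rejected"
        else                   print "result accepted-but-failed"
    }'
}

# Constructed sample: hop where root has no loadable key, falls back to password.
sample_hop_without_key() {
    cat <<'EOF'
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

# Constructed sample: hop where the key is present and accepted.
sample_hop_with_key() {
    cat <<'EOF'
debug1: identity file /home/lucas/.ssh/id_rsa type 1
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/lucas/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

sample_hop_without_key | summarize_ssh_auth
sample_hop_with_key | summarize_ssh_auth
```

A `no-public-key-offered` result on one hop and `publickey-ok` on the other points at the key material available to that user on the connecting host, not at the destination's `authorized_keys`.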

Lucas Rey 08-06-2012 08:42 AM

Quote:

Originally Posted by KinnowGrower (Post 4746539)
In a normal ssh setup it does not matter how you logged in to the "source machine" (directly/indirectly).

Question 1. What command are you using for ssh login? (Please paste both commands, for the root and lucas users.)
2. Are you using the same ssh key pair for root and lucas, or do you have different SSH key pairs for each user?

Response 1. Simple ssh connection i.e. ssh root@10.99.10.10 and ssh lucas@10.99.10.10
2. Yes same SSH keys for root and lucas users

BTW, I also knew that the source machine doesn't matter in a "normal" SSH server config, but maybe there's something to prevent that for both users. Let me explain better what my environment is. Since I cannot reach the first machine directly, I log in first to another server (using the same SSH key) and then SSH to the final server. That operation doesn't work for both users.
Instead, if I use tunneling to reach the 10.99.10.10 server directly, I'm able to log in to the final server without a password.

I cannot explain this behaviour, that's why I'm just curious if someone knows.

Lucas

Reuti 08-06-2012 09:06 AM

So the private keys on the machine in the middle may not be the same for both users. You could even use ssh-agent forwarding, then you don't need any ssh-key on the machine in the middle at all.

