I run Fedora Core 3 with SELinux passive, and I am trying to do an RSA key SSH to root. (I know, I know - bad idea) - reason being I need to perform commands in PHP as root, which can't be done without SSHing to root in one command blah blah blah...anywho...I can easily authenticate any other user on the system...cept root. I had it working at one time...then it died - I think it could have something to do with the /etc/hosts file being modified. I don't know...any ideas?

I don't know if this will help but it just might.

If you change the hostname or make other changes, attempts to ssh into that machine may fail with a spooky message along the lines of somebody may be doing something bad....

You can get a fresh start by removing the hidden .ssh file in the users home directory ( root in this case ) .

Check the PermitRootLogin setting in your sshd config file (/etc/ssh/sshd_config in Mandriva)

Why not login as a limited user and su in as root?

The problem you facing is that by default, the option to login as root is disabled.

well there can be any of the following reasons. check each one thoroughly.

1> ssh on remote server doesn't allow direct root logins.
check the /etc/ssh/sshd_config on remote box and see if PermitRootLogin is set to YES(allow) or NO(disallow).

2> if possibly the ip or hostname of remote server has changed the you need to remove the line corresponding to the old ip or hostname in ur ~/.ssh/known_hosts file ,save it and then do a fresh ssh to the remote box.

3> analyse your network traffic using tethereal for some potential traffic sniffer and the port and shut down the service on that port.

hope this helps

May I strongly suggest that you investigate sudo, which would allow your PHP script to run the commands specified by you with root permissions. Without having to log in as root. You can even set it up to not require a password.

sudo is also a good option.
but for that matter you can also configure raw ssh not to prompt you for login.
this needs you to generate a public key and a private key using sshkeygen and post the public key to remote box and place private key on ur box.
This is precisely what i do in my automated php and perl scripts that run through cron.

do let me klnow if you need details.

That did it. Easier than I thought - even though I could still login using the password, I couldn't login using RSA without this set. Thanx!

Hi vireshwali,

Browse through this post, if you don't mind to share in detail the steps needed??

regards,
Grant

Hi Grant,
are you intrested in knowing how can you bypass the password prompt when using ssh or scp?

Hi vireshwali,

Yes please!!

hi,
the trick here is to crack ssh well before it goes into keyboard interactive mode.
try ssh -v root@hostname and see the output. We need to crack it when it is trying at a public/private key match.

this url should get you going.
http://ad.hominem.org/log/2004/04/using_ssh_witho.php

alternatively search google for "ssh without password".

do let me know if you get hung up.

Yea - thats what did it for me - the first thing is that you need to have to setting in your SSH conf file...
...then you need to setup the keys...
...that did it for me