From owner-freebsd-bugs Fri Jun 1 13:50: 8 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 006D437B424 for ; Fri, 1 Jun 2001 13:50:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f51Ko0800531; Fri, 1 Jun 2001 13:50:00 -0700 (PDT) (envelope-from gnats) Received: from mailman.packetdesign.com (dns.packetdesign.com [65.192.41.10]) by hub.freebsd.org (Postfix) with ESMTP id 6F0D237B43C for ; Fri, 1 Jun 2001 13:46:30 -0700 (PDT) (envelope-from archie@packetdesign.com) Received: from bubba.packetdesign.com (bubba.packetdesign.com [192.168.0.223]) by mailman.packetdesign.com (8.11.0/8.11.0) with ESMTP id f51KkU219723 for ; Fri, 1 Jun 2001 13:46:30 -0700 (PDT) (envelope-from archie@packetdesign.com) Received: (from archie@localhost) by bubba.packetdesign.com (8.11.3/8.11.1) id f51KkUE41863; Fri, 1 Jun 2001 13:46:30 -0700 (PDT) (envelope-from archie) Message-Id: <200106012046.f51KkUE41863@bubba.packetdesign.com> Date: Fri, 1 Jun 2001 13:46:30 -0700 (PDT) From: Archie Cobbs Reply-To: archie@packetdesign.com To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/27821: can't do RSA login via ssh to root account Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 27821 >Category: bin >Synopsis: can't do RSA login via ssh to root account >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jun 01 13:50:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Archie Cobbs >Release: FreeBSD 4.3-RELEASE i386 >Organization: Packet Design >Environment: System: FreeBSD bubba.packetdesign.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Apr 26 15:28:39 PDT 2001 root@bubba.packetdesign.com:/usr/obj/usr/src/sys/BUBBA i386 >Description: Normally, when you use ssh-add to add your identity, and the remote accout you're logging into has your public key in it's ${HOME}/.ssh/authorized_keys file, you are allowed to ssh into that machine without providing a password. However, it seems that this doesn't work if the account you are trying to ssh into is "root", though it works for other normal accounts. That is, with the root account only, ssh asks you for the root password instead of just letting you login automatically (with the correct password, the login does then succeed). This is either a bug or at least a documentation omission, as it makes the "PermitRootLogin without-password" setting useless. >How-To-Repeat: Set up /root/.ssh/authorized_keys with your public key on machine A and try to ssh root@A from machine B after adding your public identity via ssh-agent and ssh-add. Of course, machine B needs "PermitRootLogin yes" in /etc/ssh/sshd_config. Both machines are FreeBSD 4.3. >Fix: None. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message