From owner-freebsd-questions@FreeBSD.ORG Fri May 30 09:55:35 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1685F106564A for ; Fri, 30 May 2008 09:55:35 +0000 (UTC) (envelope-from jmc-freebsd@milibyte.co.uk) Received: from fhw-relay07.plus.net (fhw-relay07.plus.net [212.159.14.215]) by mx1.freebsd.org (Postfix) with ESMTP id C28ED8FC15 for ; Fri, 30 May 2008 09:55:34 +0000 (UTC) (envelope-from jmc-freebsd@milibyte.co.uk) Received: from [84.92.153.232] (helo=milibyte.co.uk) by fhw-relay07.plus.net with esmtp (Exim) id 1K21Kd-0007FF-Qa; Fri, 30 May 2008 10:55:32 +0100 Received: by milibyte.co.uk with local (Exim 4.69) (envelope-from ) id 1K21Kd-0000pv-6t; Fri, 30 May 2008 10:55:31 +0100 From: Mike Clarke To: freebsd-questions@freebsd.org, z.szalbot@lc-words.com Date: Fri, 30 May 2008 10:55:30 +0100 User-Agent: KMail/1.9.7 References: <483FC2E5.5040706@lc-words.com> In-Reply-To: <483FC2E5.5040706@lc-words.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200805301055.31048.jmc-freebsd@milibyte.co.uk> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: jmc-freebsd@milibyte.co.uk X-SA-Exim-Scanned: No (on milibyte.co.uk); SAEximRunCond expanded to false X-Plusnet-Relay: d18b19786f911ce81ea8094f37d27fd2 Cc: Subject: Re: disallow remote root / allow remote root by key X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2008 09:55:35 -0000 On Friday 30 May 2008, Zbigniew Szalbot wrote: > Server - Remote root login is disallowed but I need to fetch > snaphosts produced by rsnapshot and for this I need remote root > access. Backup machine on a dynamic IP - connects to server using > key-based authentication. Can this machine (and only this machine) > log in remotely as root? Yes, on the remote server set PermitRootLogin to "without-password" instead of "no" in /etc/ssh/sshd_config and append your your public key from the remote machine into /root/.ssh/authorized_keys. -- Mike Clarke