From owner-freebsd-questions@FreeBSD.ORG Fri May 30 11:52:30 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 092A7106566B for ; Fri, 30 May 2008 11:52:30 +0000 (UTC) (envelope-from z.szalbot@lc-words.com) Received: from relay.lc-words.com (relay.lc-words.com [62.121.130.110]) by mx1.freebsd.org (Postfix) with ESMTP id AF90E8FC16 for ; Fri, 30 May 2008 11:52:29 +0000 (UTC) (envelope-from z.szalbot@lc-words.com) Received: from localhost (localhost [127.0.0.1]) by relay.lc-words.com (Postfix) with ESMTP id BCFB5C9427; Fri, 30 May 2008 13:52:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lc-words.com; s=mainlcwords; t=1212148347; bh=i3Dpll/viDz+WpgKpVtZw+8UcDQ9FXp8RcZ Vekn+vFQ=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:CC: Subject:References:In-Reply-To:Content-Type: Content-Transfer-Encoding; b=EAonHrSUpu4PRGyk3c+NBhv0hLa9f+LcfMdY8 K8uxz7FGnuwctnsdL5TrBMvabmgCdE9DnhOF0N6VG0uoOiRn7MmGSxFWHQpMksVLxh5 vQln7Xj29oRBH+/F5jHhLoQYmVgxLZaOig+PpXLujNmj9ig6dOuWex2tjFpChjQc5wE = Received: from relay.lc-words.com ([127.0.0.1]) by localhost (relay.lc-words.com [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 38567-05; Fri, 30 May 2008 13:52:26 +0200 (CEST) Received: from [127.0.0.1] (cxw210.internetdsl.tpnet.pl [83.19.156.210]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: z.szalbot@lc-words.com) by relay.lc-words.com (Postfix) with ESMTPSA id 71FD5C9423; Fri, 30 May 2008 13:52:26 +0200 (CEST) Message-ID: <483FEA75.7040902@lc-words.com> Date: Fri, 30 May 2008 13:52:21 +0200 From: Zbigniew Szalbot User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) MIME-Version: 1.0 To: Mike Clarke References: <483FC2E5.5040706@lc-words.com> <200805301055.31048.jmc-freebsd@milibyte.co.uk> In-Reply-To: <200805301055.31048.jmc-freebsd@milibyte.co.uk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Maia Mailguard Cc: freebsd-questions@freebsd.org Subject: Re: disallow remote root / allow remote root by key X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: z.szalbot@lc-words.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 May 2008 11:52:30 -0000 Hello, Mike Clarke: > On Friday 30 May 2008, Zbigniew Szalbot wrote: > >> Server - Remote root login is disallowed but I need to fetch >> snaphosts produced by rsnapshot and for this I need remote root >> access. Backup machine on a dynamic IP - connects to server using >> key-based authentication. Can this machine (and only this machine) >> log in remotely as root? > > Yes, on the remote server set PermitRootLogin to "without-password" > instead of "no" in /etc/ssh/sshd_config and append your your public key > from the remote machine into /root/.ssh/authorized_keys. Thank you for this advice! Each time I am surprised how flexible this system is and how helpful its users are! Regards, -- Zbigniew Szalbot www.lc-words.com