From owner-freebsd-isp@FreeBSD.ORG  Wed Aug 27 17:11:02 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 84F8016A4BF
	for <freebsd-isp@FreeBSD.ORG>; Wed, 27 Aug 2003 17:11:02 -0700 (PDT)
Received: from mail.yadt.co.uk (yadt.demon.co.uk [158.152.4.134])
	by mx1.FreeBSD.org (Postfix) with SMTP id F146643FFD
	for <freebsd-isp@FreeBSD.ORG>; Wed, 27 Aug 2003 17:10:55 -0700 (PDT)
	(envelope-from davidt@yadt.co.uk)
Received: (qmail 14713 invoked from network); 28 Aug 2003 00:10:53 -0000
Received: from unknown (HELO mail.gattaca.yadt.co.uk) (@10.0.0.2)
  by yadt.demon.co.uk with SMTP; 28 Aug 2003 00:10:53 -0000
Received: (qmail 33674 invoked by uid 1000); 28 Aug 2003 00:10:52 -0000
Date: Thu, 28 Aug 2003 01:10:52 +0100
From: David Taylor <davidt@yadt.co.uk>
To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
Message-ID: <20030828001051.GA99734@gattaca.yadt.co.uk>
Mail-Followup-To: "Dave [Hawk-Systems]" <dave@hawk-systems.com>,
	"freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG>
References: <DBEIKNMKGOBGNDHAAKGNOECCDOAC.dave@hawk-systems.com>
	<DBEIKNMKGOBGNDHAAKGNCECLDOAC.dave@hawk-systems.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <DBEIKNMKGOBGNDHAAKGNCECLDOAC.dave@hawk-systems.com>
User-Agent: Mutt/1.4.1i
cc: "freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG>
Subject: Re: enable root login to remote system (was - failed root login
	with shared ssh key)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2003 00:11:02 -0000

On Wed, 27 Aug 2003, Dave [Hawk-Systems] wrote:
> 
> Further test, which I missed earlier for some unknown reason, was to create an
> ssh key for a non-root user, copy to the target server, and try a key
> authenticated login with the non-root user...  worked perfectly.
> 
> As such, the problem does not appear to be with the ssh key login, but with the
> fact that it is a root login.  I am focusing my efforts there.  Any idea as to
> why the server would not allow root login given that we have already checked
> "PermitRootLogin yes" for the sshd_config.  Is there another location or entry
> which would be preventing root logins?

You could always check the permissions on /root/.ssh/ and the files in it.
ssh won't let you use rsa authentication if the permissions on the folders
are too loose (for testing I'd recommend 700/600).

-- 
David Taylor
davidt@yadt.co.uk
"The future just ain't what it used to be"