From owner-freebsd-isp@FreeBSD.ORG  Wed Aug 27 19:31:01 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A72FB16A4BF
	for <freebsd-isp@FreeBSD.ORG>; Wed, 27 Aug 2003 19:31:01 -0700 (PDT)
Received: from web1.nexusinternetsolutions.net
	(web1.nexusinternetsolutions.net [206.47.131.12])
	by mx1.FreeBSD.org (Postfix) with SMTP id 74E9F43FBF
	for <freebsd-isp@FreeBSD.ORG>; Wed, 27 Aug 2003 19:31:00 -0700 (PDT)
	(envelope-from dave@hawk-systems.com)
Received: (qmail 29468 invoked from network); 28 Aug 2003 02:30:57 -0000
Received: from unknown (HELO ws1) (65.49.236.97)
  by web1.nexusinternetsolutions.net with SMTP; 28 Aug 2003 02:30:57 -0000
From: "Dave [Hawk-Systems]" <dave@hawk-systems.com>
To: "David Taylor" <davidt@yadt.co.uk>
Date: Wed, 27 Aug 2003 22:30:56 -0400
Message-ID: <DBEIKNMKGOBGNDHAAKGNOEIIDOAC.dave@hawk-systems.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)
In-Reply-To: <20030828001051.GA99734@gattaca.yadt.co.uk>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
cc: "freebsd-isp@FreeBSD. ORG" <freebsd-isp@FreeBSD.ORG>
Subject: RE: enable root login to remote system (was - failed root login
	with shared ssh key)
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Aug 2003 02:31:01 -0000

>> Further test, which I missed earlier for some unknown reason, was to
>create an
>> ssh key for a non-root user, copy to the target server, and try a key
>> authenticated login with the non-root user...  worked perfectly.
>>
>> As such, the problem does not appear to be with the ssh key login,
>but with the
>> fact that it is a root login.  I am focusing my efforts there.  Any
>idea as to
>> why the server would not allow root login given that we have already checked
>> "PermitRootLogin yes" for the sshd_config.  Is there another
>location or entry
>> which would be preventing root logins?
>
>You could always check the permissions on /root/.ssh/ and the files in it.
>ssh won't let you use rsa authentication if the permissions on the folders
>are too loose (for testing I'd recommend 700/600).

they are set to 0644, the same setting as the non-root test accout previously
discussed anyway, but good thought and worth the try.  unfortunately I tried
0600 and 0700 with the same results.

thanks for the try though

Dave