From owner-ssh@clinet.fi Fri May 18 21:43:39 2001 Received: from smtp1.clinet.fi (smtp1.clinet.fi [194.100.2.57]) by hutcs.cs.hut.fi (8.9.3/8.9.3) with ESMTP id VAA28833 for ; Fri, 18 May 2001 21:43:39 +0300 (EET DST) Received: from mail.clinet.fi (mail.clinet.fi [194.100.0.7]) by smtp1.clinet.fi (Postfix) with ESMTP id 539AC20730; Fri, 18 May 2001 21:43:32 +0300 (EEST) Received: (from majordom@localhost) by mail.clinet.fi (8.9.3/8.9.3) id VAA13278 for ssh-outgoing; Fri, 18 May 2001 21:17:10 +0300 Received: from fw.hel.fi.ssh.com (fw.hel.fi.ssh.com [193.64.193.124]) by mail.clinet.fi (8.9.3/8.9.3) with ESMTP id VAA13271 for ; Fri, 18 May 2001 21:17:09 +0300 Received: from viikuna.hel.fi.ssh.com (viikuna.hel.fi.ssh.com [10.1.0.46]) by fw.hel.fi.ssh.com (SSH-1.22) with SMTP id VAA27748 for ; Fri, 18 May 2001 21:17:09 +0300 (EEST) Received: (qmail 4511 invoked from network); 18 May 2001 18:17:08 -0000 Received: from unknown (HELO clinet.fi) ([10.1.0.48]) (envelope-sender ) by viikuna.hel.fi.ssh.com (qmail-ldap-1.03) with SMTP for ; 18 May 2001 18:17:08 -0000 Message-ID: <3B0566F4.1C2CDBA9@clinet.fi> Date: Fri, 18 May 2001 11:16:20 -0700 From: Stephanie Thomas Organization: SSH Communications Security X-Mailer: Mozilla 4.73 [en] (X11; I; Linux 2.2.16 i686) X-Accept-Language: en MIME-Version: 1.0 To: Ed Henderson Cc: ssh@clinet.fi Subject: Re: PermitRootLogin ? References: <002701c0dfc2$74ccc440$0464a8c0@certainty.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-ssh@clinet.fi Precedence: bulk Hi Ed, If you've already set up hostbased authentication (as per your previous emails), and you are using ssh2 from ssh.com, you can set PermitRootLogin to nopwd. This means that root is only allowed to login using a method other than password, such as hostbased, publickey, SecurID, pam, Kerberos, etc. Hope this helps. Steph Ed Henderson wrote: > > The only way for me to get root to execute remote commands on another machine is to set PermitRootLogin to "yes" in sshd_config. "forced-commands-only" doesn't work or at least the way I expect it to. I expect it to not require a password if you are issuing commands. Any tips? > > Thanks, > Ed. -- ********************************* Please note that for support cases, if I have not heard otherwise within five business days, I will assume that your issue is resolved. Stephanie Thomas Technical Support Specialist SSH Secure Shell GIAC Certified Unix Security Administrator SSH Communications Security Inc. http://www.ssh.com/support/ssh *********************************