Hw to create root-equivalent accounts?

system · January 25, 2002, 5:25am

Hi all.
After installing ssh on a server, i'd like to create a user with root privileges.
My problem is that after creating a user rootssh (uid=0, gid=20, /home/rootshh), i make rootssh's ssh keys. The problem is that normally the ssh-keygen should create the keys under $HOME/.ssh/, and actually it creates 'em under /.ssh ( / being my root home, this cannot be modified). How am i supposed to create the user? ( i'm lokking for a Hp and Solaris solution...)

Thanx all

LivinFree · January 25, 2002, 7:14am

That's the pain with having more than one root user... Since the UID=0, it'll either take set your variable to root's (like USER, LOGNAME, HOME...), or just plain assume you're root based on UID=0...

You can try setting the variables manually via the .profile / .login, but it's usually just better to use su / sudo.

Hope this helps.

system · January 25, 2002, 8:29am

In fact, the creation of this account is do avoid the use of root's passwd. We are trying to avoid any pure root use.
Would i have to set HOME to be /home/rootssh in the .profile?

LivinFree · January 25, 2002, 9:04am

Yes, you could do that...
when logged in as the "real" root, type "env", and look for any reference that you might need to set manually in the .profile.

For example, on a test Linux box here, I'd have to change:
USER
MAIL
LOGNAME
HOME
And maybe make double sure that "." isn't in the PATH.

So, why are you giving out root accounts to people you don't want to have the root password? They have the equivilent now, and could even change root's passwd now.

You really might want to look into "sudo" for your needs...

system · January 25, 2002, 9:23am

Yes surely, but i'm not the payer!
I just checked to env for both root and rootssh, HOME is correctly positionned for both. Rootssh's home is /home/rootssh and root is /.
WHya doesn't ssh-keygen see the difference?

wizard · January 25, 2002, 11:57am

This may or may not be helpful, but I downloaded openssh from http://www.sunfreeware.com and when I run ssh-keygen it asks me for the location to store the rsa1 keyfile. I specify the path where I want to store it, then change the sshd-config file to reflect the location of the keyfile. I use a secondary UID=0 account (not root) and I can ssh at will.

Obviously, the binaries from sunfreeware will only run on Solaris, but that's half your problem.

system · January 28, 2002, 4:40am

that's surely half of my problem! but are you creating your box's rsa1 keys, or your user keys?
Could you give me that particular line in your sshd_config file?