Passwordless ssh for root

Hi Experts,

I am trying to set up passwordless ssh for root between two of my Solaris servers (say A & B).

I have exchanged the public keys between both servers.

Passwordless ssh is working fine when I try to connect from Server A to Server B.

However, it is still asking for a password when I try to ssh from Server B to Server A.

OS details for both servers:

 
# uname -a
SunOS prod1 5.10 Generic_144488-05 sun4v sparc sun4v
#
# uname -a
SunOS prod2 5.10 Generic_144488-05 sun4v sparc sun4v
#

PermitRootLogin flag in sshd_config file is set accordingly on both servers.

 
# grep -i permitroot /etc/ssh/sshd_config
PermitRootLogin without-password
#

Permission for .ssh directory under root on both servers.

 
# ls -ld .ssh
drwx------   2 root     root         512 Sep 26 21:30 .ssh
#

Permission for authorized_keys file on both servers.

# ls -ltr authorized_keys
-rw-------   1 root     root         221 Sep 26 21:27 authorized_keys
#

Need your help in identifying why it is asking for a password when I am trying to connect from Server B to Server A.

What's the permission of the home directories themselves?


@Corona688 root is not affected by file and directory permissions (unless on remote file systems, which I guess is not the case here).

@sai_2507 Check if PASSREQ is set to no in /etc/default/login.

Not in general, no. ssh has its own requirements which it enforces, however; and you don't get root until you actually log in!

Are you sure you really want to do this? It is less secure, and normally it is just a su and you are root, but OK, try this:

vi /etc/ssh/sshd_config and set "PermitRootLogin" to "yes".
You have it currently under "PermitRootLogin without-password".

Then restart the sshd process.

and test it

Thanks Corona688 and all for your help.

Checked the permission of the root directory and found root was not the owner of the root directory on one of the servers. I changed the owner to root and now it is working fine... :)
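The fix reported above (a home directory not owned by root) matches the ownership and mode rule that OpenSSH-derived sshd applies when StrictModes is on. The script below is an added example, not part of the original thread, that runs that check over the home directory, .ssh and authorized_keys; the function names are hypothetical, and it parses ls -ldn so it does not depend on GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread). Approximates the StrictModes rule:
# each of <home>, <home>/.ssh and <home>/.ssh/authorized_keys must be owned
# by the login user or by root (uid 0) and must not be group/world-writable.
# Usage: sh check_strictmodes.sh <numeric-uid> <home-dir>

# check_one <expected-uid> <path>: prints a reason and returns 1 on failure.
check_one() {
    uid=$1
    path=$2
    info=$(ls -ldn "$path" 2>/dev/null) || { echo "MISSING   $path"; return 1; }
    # Fields of ls -ldn: mode string, link count, numeric owner, ...
    set -- $info
    mode=$1
    owner=$3
    if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER $path (uid $owner, expected $uid or 0)"
        return 1
    fi
    # Character 6 of the mode string is group-write, character 9 is other-write.
    case $mode in
        ?????w*|????????w*)
            echo "WRITABLE  $path ($mode)"
            return 1 ;;
    esac
    echo "OK        $path ($mode, uid $owner)"
    return 0
}

# check_strictmodes <expected-uid> <home-dir>: returns 0 only if all three pass.
check_strictmodes() {
    rc=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_one "$1" "$p" || rc=1
    done
    return $rc
}

# Run only when called with both arguments, e.g.: sh check_strictmodes.sh 0 /
if [ $# -eq 2 ]; then
    check_strictmodes "$1" "$2"
fi
```

Run it on the server that still prompts for a password (Server A in this thread), passing root's uid 0 and root's home directory.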

FYI on Solaris 11:
The default install sets root up as a role. This breaks ssh public key authentication for root, as it always prompts for a password and the sshd server (in debug mode) always errors out with "Failed publickey for root from X.X.X.X port XXXX ssh2 debug 1".

The quick solution for the above is to set root back to a "normal" account type by running the following command (this edits the /etc/user_attr file):

rolemod -K type=normal root

I wasted half a day on this. Hope this helps someone else out there.