On Tue, Apr 19, 2005 at 04:56:17PM +0200, Daniel Gerzo wrote:
> Naskladane pomutovane bunky Coleman,
>
> Tuesday, April 19, 2005, 12:56:06 AM, si napisal:
>
> > On Mon, Apr 18, 2005 at 07:54:47AM +0200, David E. Meier wrote:
> >> Hi list, just a short question:
> >>
> >> Is it possible to configure sshd (SSH-1.99-OpenSSH_3.5p1 on RH 9) to limit
> >> the root user to login using a publickey only while other system user
> >> still can login at the password prompt?
> >>
> >> Dave
> >>
> >>
> >>

>
> > You could put an invalid character in root's password field (disabling password logins)
> > like * or !. Then you could install public keys in .ssh/authorized_keys. Make sure
> > PermitRootLogin is enabled. That is how I've done that exact thing in the past.

>
> if he would do so, he won't be able to log in as root from local
> console anymore, so this isn't the best way how to do so.
>
> Dave: please, follow steps which were sent by others...
>
> > --
> > coleman

>
> --
> Sincerely,
>
> +----------==/\/\==----------+ (__) FreeBSD
> | DanGer | \\\'',) The
> | DanGer@IRCnet ICQ261701668 | \/ \ ^ Power
> | http://danger.rulez.sk | .\._/_) To
> +----------==\/\/==----------+ Serve


I agree, I was not aware of the without-password flag to PermitRootLogin.
Most machines I admin, I do not log in as root. I always just use sudo. Thus,
this solution worked for my experience.

--
coleman