Bug 167531 - sshd_config option 'PermitRootLogin' ' forced-commands-only' does not work
sshd_config option 'PermitRootLogin' ' forced-commands-only' does not work
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2005-09-04 07:23 EDT by greg hosler
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-05 04:42:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description greg hosler 2005-09-04 07:23:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Fedora/1.7.10-1.3.1

Description of problem:
When sshd option 'PermitRootLogin' is set to 'forced-commands-only', forced commands to the root account do not work. The client is prompted for password (even though there is a valid key), and then denied access.

Oddly enough, When 'PermitRootLogin' is set to 'without-password', root is allowed in.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. On server, edit /etc/ssh/sshd_config. Set 'PermitRootLogin' to 'forced-commands-only'
2. service sshd restart
3. install a public key to root's .ssh/authorized_keys file
4. go to a remote client and issue the command:
    ssh root@<server hostname> id


Actual Results:  you are propted for root's password, 3 times, and then denied access.

Expected Results:  ssh should log in, issue the 'id' command, and then log out.

Additional info:

This has been broken for several releases. I believe that this used to work in RHL9. It did not work in RHEL3, and does not work in RHEL4
Comment 1 Tomas Mraz 2005-09-05 04:42:49 EDT
This is misunderstanding of the forced-commands-only option.

Please read man sshd the section AUTHORIZED KEYS FILE FORMAT.

Note You need to log in before you can comment on or make changes to this bug.