From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Fedora/1.7.10-1.3.1 Description of problem: When sshd option 'PermitRootLogin' is set to 'forced-commands-only', forced commands to the root account do not work. The client is prompted for password (even though there is a valid key), and then denied access. Oddly enough, When 'PermitRootLogin' is set to 'without-password', root is allowed in. Version-Release number of selected component (if applicable): openssh-3.9p1 How reproducible: Always Steps to Reproduce: 1. On server, edit /etc/ssh/sshd_config. Set 'PermitRootLogin' to 'forced-commands-only' 2. service sshd restart 3. install a public key to root's .ssh/authorized_keys file 4. go to a remote client and issue the command: ssh root@<server hostname> id Actual Results: you are propted for root's password, 3 times, and then denied access. Expected Results: ssh should log in, issue the 'id' command, and then log out. Additional info: This has been broken for several releases. I believe that this used to work in RHL9. It did not work in RHEL3, and does not work in RHEL4
This is misunderstanding of the forced-commands-only option. Please read man sshd the section AUTHORIZED KEYS FILE FORMAT.