Bug 167531 - sshd_config option 'PermitRootLogin' 'forced-commands-only' does not work
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh
Version: 4.0
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assignee: Tomas Mraz
QA Contact: Brian Brock
Reported: 2005-09-04 11:23 UTC by greg hosler
Modified: 2007-11-30 22:07 UTC (History)
Last Closed: 2005-09-05 08:42:49 UTC
Description greg hosler 2005-09-04 11:23:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Fedora/1.7.10-1.3.1

Description of problem:
When sshd option 'PermitRootLogin' is set to 'forced-commands-only', forced commands to the root account do not work. The client is prompted for password (even though there is a valid key), and then denied access.

Oddly enough, when 'PermitRootLogin' is set to 'without-password', root is allowed in.

Version-Release number of selected component (if applicable):
openssh-3.9p1

How reproducible:
Always

Steps to Reproduce:
1. On server, edit /etc/ssh/sshd_config. Set 'PermitRootLogin' to 'forced-commands-only'
2. service sshd restart
3. install a public key to root's .ssh/authorized_keys file
4. go to a remote client and issue the command:
    ssh root@<server hostname> id

  

Actual Results: you are prompted for root's password, 3 times, and then denied access.

Expected Results: ssh should log in, issue the 'id' command, and then log out.


Additional info:

This has been broken for several releases. I believe that this used to work in RHL9. It did not work in RHEL3, and does not work in RHEL4.

Comment 1 Tomas Mraz 2005-09-05 08:42:49 UTC
This is a misunderstanding of the forced-commands-only option.

Please read man sshd, the section AUTHORIZED KEYS FILE FORMAT.
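
Added example, not part of the bug report or of OpenSSH: with 'forced-commands-only', sshd accepts a root public key only when its authorized_keys entry carries a command="..." option, which is the syntax the man page section cited in Comment 1 describes. The Python below parses that option syntax and reports which keys have a forced command; the sample file, the placeholder key material and the function names are constructed for this example.

```python
import re

# Tokens that mark the start of the key itself (no options before it).
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)\S+$")

# Constructed sample of /root/.ssh/authorized_keys; key material is placeholder text.
SAMPLE = '''
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER admin@client
command="id",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER idcheck@client
command="echo \\"backup, nightly\\"" ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER backup@client
'''

def parse_options(line):
    """Split one line into (options dict, 'keytype key comment' remainder)."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}, line
    opts, buf, in_quotes, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if in_quotes and c == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2      # \" inside a quoted value
            continue
        if c == '"':
            in_quotes = not in_quotes
        elif c == "," and not in_quotes:
            opts.append(buf)               # comma outside quotes ends an option
            buf = ""
        elif c in " \t" and not in_quotes:
            break                          # whitespace outside quotes ends the options
        else:
            buf += c
        i += 1
    opts.append(buf)
    pairs = (o.partition("=") for o in opts if o)
    return {k.lower(): v for k, _, v in pairs}, line[i:].strip()

def forced_commands(text):
    """Map each key's comment to its command= value (None: no forced command)."""
    result = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        options, rest = parse_options(line)
        fields = rest.split(None, 2)
        result[fields[2] if len(fields) == 3 else "(no comment)"] = options.get("command")
    return result

if __name__ == "__main__":
    for comment, cmd in forced_commands(SAMPLE).items():
        status = f"accepted, runs: {cmd}" if cmd is not None else "not accepted for root"
        print(f"{comment}: {status}")
```

For a key that does carry command=, sshd runs the forced command and ignores whatever command the client supplied on the ssh command line.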


