Red Hat Bugzilla – Bug 167531
sshd_config option 'PermitRootLogin' ' forced-commands-only' does not work
Last modified: 2007-11-30 17:07:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050719 Fedora/1.7.10-1.3.1
Description of problem:
When sshd option 'PermitRootLogin' is set to 'forced-commands-only', forced commands to the root account do not work. The client is prompted for password (even though there is a valid key), and then denied access.
Oddly enough, When 'PermitRootLogin' is set to 'without-password', root is allowed in.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. On server, edit /etc/ssh/sshd_config. Set 'PermitRootLogin' to 'forced-commands-only'
2. service sshd restart
3. install a public key to root's .ssh/authorized_keys file
4. go to a remote client and issue the command:
ssh root@<server hostname> id
Actual Results: you are propted for root's password, 3 times, and then denied access.
Expected Results: ssh should log in, issue the 'id' command, and then log out.
This has been broken for several releases. I believe that this used to work in RHL9. It did not work in RHEL3, and does not work in RHEL4
This is misunderstanding of the forced-commands-only option.
Please read man sshd the section AUTHORIZED KEYS FILE FORMAT.