Red Hat Bugzilla – Bug 481079
ssh root@localhost stopped working
Last modified: 2009-02-12 10:48:22 EST
Description of problem:
I recently upgraded my laptop from Fedora 9 -> Fedora 10. Before upgrading, I could do "ssh root@localhost" and it would use my DSA private key to authenticate and let me log into the root account on the local host. After upgrading, this no longer works; on my laptop, "ssh localhost", "ssh someotherhost", and "ssh root@someotherhost" all still work, but "ssh root@localhost" refuses to accept my DSA key and prompts for the root password. Similarly, from another machine, "ssh mylaptop" works but "ssh root@mylaptop" does not accept my DSA key and prompts for the root password.
Any clue why this is happening?
I checked that /etc/ssh/sshd_config has not changed the PermitRootLogin setting. I even tried uncommenting it and explicitly setting PermitRootLogin to yes, and restarting sshd, without seeing any change. I'm not seeing any messages in any file in /var/log/ that explains what is going on. Running "ssh -v root@localhost" only shows that the DSA key was tried and rejected without any explanation of why. The only thing other hypothesis I was able to come up with is that maybe this is some interaction with PAM, but I wouldn't know how to check that.
Any ideas how to troubleshoot this?
P.S. The bugzilla interface for selecting a component still sucks. (A tiny menu to select one among a few thousand components? Nuts.)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Set up a DSA private key. Use ssh-add to type in your passphrase if you have one.
2. Run "ssh root@localhost"
SSHD accepts your private key and logs you in immediately.
SSHD prompts you for the root password.
I can confirm that this bug is also present on a clean install of Fedora 10. Any ideas why?
I'm an idiot. This bug is not present on a clean install of Fedora 10. Please disregard comment #1.
Not sure why it happened when I did an upgrade from F9->F10; maybe I was an idiot then, too (though I doubt it was the same error), or maybe it was something else.
*** This bug has been marked as a duplicate of bug 473014 ***