topic using openssh in Operating System - HP-UX

using openssh

maafa — Wed, 27 Mar 2002 09:53:35 GMT

hi all,

I am looking for a minimal sshd_config file which do the following:

ssh protocole 2
restrict ssh interactive root login.
permit scp batch root copy.

thank you

Re: using openssh

Shannon Petry — Wed, 27 Mar 2002 17:11:59 GMT

As far as I know, you can not have your cake and eat it too. ssh is a function of sftp, and rules apply to scp/ssh and sftp when initiated.

If a user is denied access to ssh, then this applies to scp, and sftp as well.

In this case, perhaps look at an alternate method of doing what you want. I.E.
Have user1 copy batch file, but have roots cron extract/move it when it's done.

regards,
Shannon

Re: using openssh

Mark Fenton — Wed, 27 Mar 2002 20:37:45 GMT

Maafa, would you be looking for mandatory RSA authentication (or DSA) and no password?

Shannon is correct in that you can't have one setting for root and another for all others. Though you could a priori deny root login entirely -- though this doesn't sound like what you want.

Perhaps something like

~~~
RhostsAuthentication no
#
RhostsRSAAuthentication no
#
RSAAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
~~~

which would disallow rhost and password authentication, but allow RSAauthentication.

In order to login, as root, (or anyone) then, the proper RSA key must be presented.

For more info on these options, read the man page or get the book from O'Reilly -- definately worth reading.

hth, Mark

Re: using openssh

Craig Rants — Wed, 27 Mar 2002 20:44:00 GMT

You can deny users with AllowUsers and DenyUsers directives. They just are not part of the initial sshd_config file.

i.e.

AllowRootLogin yes
AllowUsers root

thus root is the only user allowed to use ssh

GL,
C