[SOLVED] PermitRootLogin forced-command-only

Message

ychaouche · #1 Post by **ychaouche** » 2015-02-11 12:38

Hello,
I am trying to configure openssh to refuse ssh logins for root but stil allow one command to be executed.
Here's what I tried :

1) Forcing a command to be executed when root wants to login, in /etc/ssh/sshd_config :

Code: Select all

PermitRootLogin forced-commands-only

2) Adding the desired command in /root/.ssh/authorized_keys, like this :

Code: Select all

command='echo hehehehe' ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/f08GBJWxzVdJ65LCPLF2HYoXVjvX/PSWpwcffLyt78td1uYUzdYxLEXZmhMRCZe7t2jys9E2qzjx\
IWOhaSLJ3B0oT5KlTeMBgCcDDSjkw0H+qbRZXSpkl6zDGUUAEvvYfU89a89+/7L2T9hAVUeSB50xUtUleGj28mOiVZAYzfNgTJYB+++ixEuXKGdkwZiZhFpyIuu9CI0S/v+P+Aa1LsRb\
yUMQcmyVIq6CEX9VRHXwhdG+v6zgPvqVLi8/JRWxhkYJ96b7LBWudyZBMV63R8mPDnAGkTXp+Tx8R0a8+D9KalwSSgwV8X3/Fp33oZhfJk/cRUbbvDPl8lg0XHAh root@ychaouche-\
PC

Then I tried to ssh with root user, but instead of seeing "hehehehe" it is requesting my password (it shouldn't, because it used to be using key-based authentication just fine before I did the above changes) :

Code: Select all

root@ychaouche-PC[192.168.100.109] ~ # ssh 10.10.10.26 -p 22022
root@10.10.10.26's password: 
Permission denied, please try again.
root@10.10.10.26's password: 

root@ychaouche-PC[192.168.100.109] ~ #

Even with the right password, the command isn't run. I have restarte openssh and still no success.

Any ideas ?

ychaouche · #2 Post by **ychaouche** » 2015-02-11 12:48

The bug was that I was using single quotes instead of double quotes. So the correct line was :
command="echo hehehehe" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC[...]

Debian User Forums

[SOLVED] PermitRootLogin forced-command-only

[SOLVED] PermitRootLogin forced-command-only

Re: PermitRootLogin forced-command-only