[SOLVED] PermitRootLogin forced-command-only

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
ychaouche
Posts: 89
Joined: 2014-12-11 09:45

[SOLVED] PermitRootLogin forced-command-only

#1 Post by ychaouche »

Hello,
I am trying to configure openssh to refuse ssh logins for root but stil allow one command to be executed.
Here's what I tried :

1) Forcing a command to be executed when root wants to login, in /etc/ssh/sshd_config :

Code: Select all

PermitRootLogin forced-commands-only
2) Adding the desired command in /root/.ssh/authorized_keys, like this :

Code: Select all

command='echo hehehehe' ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/f08GBJWxzVdJ65LCPLF2HYoXVjvX/PSWpwcffLyt78td1uYUzdYxLEXZmhMRCZe7t2jys9E2qzjx\
IWOhaSLJ3B0oT5KlTeMBgCcDDSjkw0H+qbRZXSpkl6zDGUUAEvvYfU89a89+/7L2T9hAVUeSB50xUtUleGj28mOiVZAYzfNgTJYB+++ixEuXKGdkwZiZhFpyIuu9CI0S/v+P+Aa1LsRb\
yUMQcmyVIq6CEX9VRHXwhdG+v6zgPvqVLi8/JRWxhkYJ96b7LBWudyZBMV63R8mPDnAGkTXp+Tx8R0a8+D9KalwSSgwV8X3/Fp33oZhfJk/cRUbbvDPl8lg0XHAh root@ychaouche-\
PC
Then I tried to ssh with root user, but instead of seeing "hehehehe" it is requesting my password (it shouldn't, because it used to be using key-based authentication just fine before I did the above changes) :

Code: Select all

root@ychaouche-PC[192.168.100.109] ~ # ssh 10.10.10.26 -p 22022
root@10.10.10.26's password: 
Permission denied, please try again.
root@10.10.10.26's password: 

root@ychaouche-PC[192.168.100.109] ~ #


Even with the right password, the command isn't run. I have restarte openssh and still no success.

Any ideas ?
Last edited by ychaouche on 2015-02-11 14:53, edited 2 times in total.
Top
ychaouche
Posts: 89
Joined: 2014-12-11 09:45

Re: PermitRootLogin forced-command-only

#2 Post by ychaouche »

The bug was that I was using single quotes instead of double quotes. So the correct line was :
command="echo hehehehe" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC[...]
Top
Post Reply

Return to “System and Network configuration”