Question
SSH key working fine, but after logout from root and back for root again it ask for pass
- Posted on February 2, 2017
- Linux CommandsSecurityDebian
Asked by Marcos Mendes
I have a ssh key working fine, i can login as root user without password. So, i created a new user, when i log in it and be back for root again, root ask for password, but i don’t know because i’m using ssh key for login as root.
i try edit config /etc/ssh/sshd_config and updated the following line:
PermitRootLogin yes
to
PermitRootLogin without-password
but no success, i continue being ask for root password. Can someone help me out on this problem?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
@marcosmendes
Setting
PermitRootLogintowithout-passwordmeans that therootuser must login using a public key. If you’re trying to runsu rootto become root from different users account, you will get prompted for a password.You’d be better off creating a new user, setting up their environment, and adding them as a sudo user. Of course, you’re still going to be prompted to authenticate when you run
sudoas well. If you weren’t then anyone that was able to login to that account would have free range to run root level commands without any secondary authentication.Setting up a Sudo User
I’ll use
myuseras the username of the new user in this example, so wherever you seemyuser, you would simply substitute in the username of your choice.1). Create a Home + .ssh Directories
2). Create a New User + Assign the Home Directory
3). Create the authorized_keys File
4). Setup Correct Permissions
5). Add Public Key to authorized_keys
You’d simply paste in your public key, then hit
CTRL+Xand hit enter to save.6). Add a Password for
myuserWith the above setup, you can now SSH in using:
If you setup a passphrase on the key itself, you’d enter it in and once logged in, you start off with just basic permissions. You can’t run root level commands until you prefix those commands with
sudo.If you try to run a root command, it’ll fail – i.e.
You would need to use:
and when prompted, enter in the password for
myuser– the command will then execute.SSH Keys exist to get in you – after that, passwords do come in to play, especially when you’re using either
suorsudo.The point is to not have to login as root at all – you should login as the sudo user and escalate using the sudo prefix on each command from.
I would add/edit to this awesome post by noting that the steps above will lose your prompt settings and that you could do the exact same thing using
useraddrather thanadduser. See https://askubuntu.com/questions/345974/what-is-the-difference-between-adduser-and-useraddSo the steps without running into the blank prompt would look like this.
adduserassigning to home directory. you will be prompted to create a password so you dont need thepasswd myuserstep above.home/myuser/.sshdirectoryauthorized_keysFile4). Setup Correct Permissions
5). Add Public Key to authorized_keys
You’d simply paste in your public key, then hit CTRL+X and hit enter to save.
With the above setup, you can now SSH in using:
ssh myuser@DROPLETIP -i /path/to/local/private_keyand when you log in you will a proper colorized prompt rather as set in default root configs, if you want it.Great post! Thanks for sharing.
Want to learn more? Join the DigitalOcean Community!
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Sign up now