SSH as root with specific IP


SSH as root with specific IP

John Tate-8
I want to be able to log in as root by SSH with a specific IP address.
This is so rsync can log in to the server easily and backup many files
owned by many different users and groups. Rather than a script on the
server logging into the server with the backups with many files and
many different users.

Can it be done?

--
www.johntate.org


Re: SSH as root with specific IP

Jay Patel-7
ssh -lroot youriphere -p1157

-l ==login
-p == port number


On Mon, Sep 30, 2013 at 11:59 AM, John Tate <[hidden email]> wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?
>
> --
> www.johntate.org


Re: SSH as root with specific IP

David Coppa
In reply to this post by John Tate-8
On Mon, Sep 30, 2013 at 8:29 AM, John Tate <[hidden email]> wrote:
> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

man sshd_config

And look for "Match" blocks.


Re: SSH as root with specific IP

Eric Johnson
In reply to this post by John Tate-8
On Mon, 30 Sep 2013, John Tate wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

I assume you mean that you want the source to be from a specific IP
address.  That is, you have more than one address on the computer and you
want the request to be from an alias.  Is that right?  If so, try this:

ssh -b 192.168.1.201 root@192.168.1.76

If you are connecting to a specific IP address, that is rather trivial.
Unless, of course, you do not permit logins to root.

Are you using RSA or DSA keys to do it?  If so, you can set

        PermitRootLogin without-password

in your /etc/ssh/sshd_config file.

To make the connection automagically, you can either leave the password
blank when running ssh-keygen or use the keychain program so that you only
have to enter the password when you bring up the machine.

There is a method whereby you can create a certificate signed with a key
issued by a certificate authority that can restrict a connection to the
server from one particular host.   That way, if someone else manages to
get a copy of your host key, they will not be able to use it to connect to
the server from their machine if their machine is not on the address list.

Disclaimer:  I've never tried using ssh certificates so you might want
something from someone who knows more about them.

Eric Johnson


Re: SSH as root with specific IP

Gilles Cafedjian
In reply to this post by John Tate-8
On 2013-09-30 08:29, John Tate wrote:

> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?

You can use a Match statement in your sshd_config to allow root
connections only on a particular IP.

Also, if you use an RSA, DSA or ECDSA key, you should add it to the file
authorized_keys on the server and restrict this key to a single command
with command="...".
Do not turn on PermitRootLogin without a Match statement.

See sshd(8) for the keywords you can add in your authorized_keys to
limit the root access.
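
Added example, not part of the thread: the Match approach suggested in the replies above, shown as a constructed sshd_config together with a small Python model of how a Match Address block overrides the global PermitRootLogin. The address 192.0.2.10 and the function names are assumptions, and only "Match Address" is modelled.

```python
import ipaddress

# Constructed sshd_config: root login is off globally and allowed, keys only,
# from one backup host (192.0.2.10 is a documentation address).
SSHD_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no

Match Address 192.0.2.10
    PermitRootLogin without-password
"""

def address_matches(patterns, client_ip):
    """Check client_ip against a comma-separated Match Address list.
    Handles plain addresses, CIDR and '!' negation, but not wildcards."""
    ip = ipaddress.ip_address(client_ip)
    matched = False
    for pat in patterns.split(","):
        net = ipaddress.ip_network(pat.lstrip("!"), strict=False)
        if ip in net:
            if pat.startswith("!"):
                return False      # a negated hit always rejects
            matched = True
    return matched

def effective_root_login(config_text, client_ip):
    """Return the PermitRootLogin value that applies to client_ip, or None."""
    global_value = match_value = None
    in_match = active = False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":
            in_match = True
            # Model limit: any criterion other than Address is treated as no match.
            active = (len(words) == 3 and words[1].lower() == "address"
                      and address_matches(words[2], client_ip))
        elif key == "permitrootlogin":
            # The first value seen wins within the global section and within Match blocks.
            if not in_match and global_value is None:
                global_value = words[1]
            elif in_match and active and match_value is None:
                match_value = words[1]
    # A value set in a matching Match block overrides the global one.
    return match_value if match_value is not None else global_value
```

On a live server, sshd's extended test mode (sshd -T with a -C connection spec such as addr= and user=) prints the values it would actually apply.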


Re: SSH as root with specific IP

Nick Holland
In reply to this post by John Tate-8
oops.  meant to send to list...
(this time with cheesy ASCII graphics which will probably get mauled by
most mail clients)

On 09/30/2013 02:29 AM, John Tate wrote:
> I want to be able to log in as root by SSH with a specific IP address.
> This is so rsync can log in to the server easily and backup many files
> owned by many different users and groups. Rather than a script on the
> server logging into the server with the backups with many files and
> many different users.
>
> Can it be done?
>

been there, doing that...

ANOTHER way of doing this, you can modify your root ssh authorized_key
file so it only accepts connections from designated sites for a
particular key:

from="1.2.3.4" ssh-rsa SZJlGKh8nr....cSAG/hBi root@backup
\__new part__/ \____________usual part of key__________/

(there are lots of other nifty options here -- see man sshd)

combine that with no password logins and your goal is accomplished.

Nick.
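
Added example, not part of the thread: a Python check for the authorized_keys restrictions mentioned in the replies above (from= and command=), which parses the options field of each key line and reports keys that are not pinned to an expected source or a forced command. The sample lines, the placeholder key blobs and the wrapper path /usr/local/bin/backup-only are constructed for illustration.

```python
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with one has no options
# One option: name, optional ="quoted value" (\" allowed), then "," or end of field.
OPTION_RE = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(,|(?=\s)|$)')

# Constructed sample of root's authorized_keys; key blobs are placeholders and
# /usr/local/bin/backup-only is a hypothetical wrapper script.
SAMPLE = '''\
ssh-rsa AAAAplaceholder1 root@backup
from="192.0.2.10" ssh-rsa AAAAplaceholder2 root@backup
from="192.0.2.10",command="/usr/local/bin/backup-only",no-pty ssh-rsa AAAAplaceholder3 root@backup
'''

def split_options(line):
    """Split one authorized_keys line into (options dict, remaining key text)."""
    if line.startswith(KEY_PREFIXES):
        return {}, line
    opts, pos = {}, 0
    while True:
        m = OPTION_RE.match(line, pos)
        if m is None:
            raise ValueError("malformed options field")
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        pos = m.end()
        if m.group(3) != ",":      # unquoted blank or end of line: options are done
            return opts, line[pos:].strip()

def audit(text, allowed_sources):
    """Return (line number, problem) for each key missing a restriction."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            opts, _ = split_options(line)
        except ValueError as exc:
            findings.append((n, str(exc)))
            continue
        if "from" not in opts:
            findings.append((n, "no from= restriction"))
        elif not set(opts["from"].split(",")) <= set(allowed_sources):
            findings.append((n, "from= allows an unexpected source"))
        if "command" not in opts:
            findings.append((n, "no forced command="))
    return findings
```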