Такой вопрос:
Читаю ман:
PermitRootLogin
If this option is set to ``forced-commands-only'' root login with
public key authentication will be allowed, but only if the
сommand option has been specified (which may be useful for taking
remote backups even if root login is normally not allowed). All
other authentication methods are disabled for root.
Ставлю в sshd:
PermitRootLogin forced-commands-only
на клиенте от рута:
ssh-keygen -t rsa
копируем строчку из id_rsa.pub в серверный authorized_keys
Также на сервере:
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
все..
на клиенте ssh root@192.168.0.1 ls
в логах:
Connection from 192.168.0.2 port 32775
sshd[14477]: debug1: Client protocol version 2.0; client software version OpenSSH_3.8.1p1 Debian-8.sarge.4
sshd[14477]: debug1: match: OpenSSH_3.8.1p1 Debian-8.sarge.4 pat OpenSSH_3.*
sshd[14477]: debug1: Enabling compatibility mode for protocol 2.0
sshd[14477]: debug1: Local version string SSH-2.0-OpenSSH_4.2
sshd[14477]: Failed none for root from 192.168.0.2 port 32775 ssh2
sshd[14477]: debug1: temporarily_use_uid: 0/0 (e=0/0)
sshd[14477]: debug1: trying public key file /root/.ssh/authorized_keys
sshd[14477]: debug1: matching key found: file /root/.ssh/authorized_keys, line 2
sshd[14477]: Found matching RSA key: 7d:ce:3c:be:cd:7b:f7:23:c5:ab:d9:65:41:24:1b:8f
sshd[14477]: debug1: restore_uid: 0/0
sshd[14477]: debug1: temporarily_use_uid: 0/0 (e=0/0)
sshd[14477]: debug1: trying public key file /root/.ssh/authorized_keys
sshd[14477]: debug1: matching key found: file /root/.ssh/authorized_keys, line 2
sshd[14477]: Found matching RSA key: 7d:ce:3c:be:cd:7b:f7:23:c5:ab:d9:65:41:24:1b:8f
sshd[14477]: debug1: restore_uid: 0/0
sshd[14477]: debug1: ssh_rsa_verify: signature correct
sshd[14477]: ROOT LOGIN REFUSED FROM 192.168.0.2
sshd[14477]: Failed publickey for root from 192.168.0.2 port 32775 ssh2
если интересно то проблема разрешилась.
надо внимательно читать ман:
юзать
PermitRootLogin forced-commands-only
можно только непосредственно указав в .ssh/authorized_keys команды:
command="ls" ssh-rsa AAAAB3NzaC1yc2EA...