> PermitRootLogin without-password > AuthorizedKeysFile /just_a_dir/authorized_keys/%u > PasswordAuthentication no > UsePAM yes > > This will give you control of access if at least the > /just_a_dir/authorized_keys folder is not writeable for the world (the > keys need to readable, not writeable for the user that tries to log on) Setting "PermitRootLogin without-password" doesn't help your authorized_keys issue, doesn't do anything to make ssh keys work better, and just opens you up to a whole world of issues in the event of some sort of a security problem. I personally set "PermitRootLogin no" on anything I allow direct access from the outside world to. Setting the AuthorizedKeysFile to anything other than ~/.ssh/authorized_keys seems ludicrous to me as well. It's not like a user can do anything with that file other than add to it, or steal public keys from machines that are allowed to login to it without a password, thereby allowing either a different machine to log into that machine without a password, or propagating the machines your trusted hosts can log into without a password. Personally, too much trust is a bad thing. If you need to automate stuff, do it on locked-down user accounts and give them permissions to put the stuff where they need to go, or cron something to check for the data and move it. Peter -- Peter Serwe <peter at infostreet dot com> http://www.infostreet.com "The only true sports are bullfighting, mountain climbing and auto racing." -Earnest Hemingway "Because everything else requires only one ball." -Unknown "Do you wanna go fast or suck?" -Mike Kojima "There are two things no man will admit he cannot do well: drive and make love." -Sir Stirling Moss