On Mon, Feb 1, 2010 at 6:49 PM, Warren Michelsen <Warren at mdcclxxvi.com> wrote: > On Mac OS, in order to allow ssh using dsa keys, I would copy > ~/.ssh/id_dsa.pub from my machine into ~/.ssh/authorized_keys of the > target machine. I've created .ssh directories in my account home as > well as in /root and copied the respective keys to authorized_keys > files in each. > > Strangely, I can now ssh as root with no password but my own user > account still prompts for a password. What might be wrong? > > > Interestingly, passwordless root ssh log-in worked while > 'PermitRootLogin' in /etc/ssh/sshd_config was just 'yes' and before I > changed it to 'without-password'. Check the permission all your top level directories and the .ssh directories and it's files. Basically, group and other writes are forbidden since it would allow other people to change your keys. If you're allowing the use of passwords and keys, then it's just falling back to passwords because the permissions are incorrect. And I presuming the secret key is not encrypted, i.e., you never set a passphrase - hence the root login works without a password since the permissions are correct for key exchange. Also, on Redhat/Centos/Solaris machines, it's PermitRootLogin no or PermitRootLogin yes and not PermitRootLogin without-password There should be separate entry for passwords PermitEmptyPasswords no You have to be barking mad to allow root connections - or any connection - with an empty passwords. Note, this isn't Mac mailing list so your mileage will vary. Without a sshd_config file it's hard to help you. -- Enjoy global warming while it lasts.