最終更新:2018-04-11 (水) 09:03:02 (853d)  

PermitRootLogin
Top / PermitRootLogin

http://www.freebsd.org/cgi/man.cgi?query=sshd_config&sektion=5&n=1

特定のコマンドのみ実行させる

  • PermitRootLogin forced-commands-only
  • authorized_keysのcommand=""に指定したコマンドのみ実行される

  • yes
    prohibit-password?デフォルト rootのパスワード認証は禁止
    without-password?
    forced-commands-only
    no

man

  • Specifies whether root can log in using ssh(1).  The argument must be “yes”, “prohibit-password”, “without-password”, “forced-commands-only”, or “no”.  The default is “prohibit-password”.
    
    If this option is set to “prohibit-password” or “without-password”, password and keyboard-interactive authentication are disabled for root.
    
    If this option is set to “forced-commands-only”, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed).  All other authentication methods are disabled for root.
    
    If this option is set to “no”, root is not allowed to log in.

メモ

  • OpenBSDが本家っぽいけどFreeBSDの方のマニュアルのほうが充実してる。