Subject: Re: [gentoo-user] OT -- superuser file manager access to remote via ssh with no root login?
From: Daniel Troeder
To: gentoo-user@lists.gentoo.org
Date: Tue, 24 Feb 2009 21:26:18 +0100

On Tuesday, 24.02.2009, at 09:02 -0800, Michael Higgins wrote:
> I can't figure this one out.
>
> Have disallowed root login, public key auth.
>
> Have a bunch of random renaming to do on that machine though, so would like to point and click for a change.
>
> Is this possible? No GUI libs on the remote machine...
>
> I was thinking sshfs, but since I can't login directly as root, is there some other way?

Something like this might work:

# cp /etc/ssh/sshd_config /root/sshd_root_allow_config

Then edit /root/sshd_root_allow_config to allow root-login, to listen on a
port != 22 and to use another PID-file:
---
Port 222
PidFile /var/run/sshd_root_allow.pid
PermitRootLogin yes
---

Install app-admin/sudo and configure it so that your login-user can execute the
following two commands (maybe only these!?!):

# sudo /usr/sbin/sshd -f /root/sshd_root_allow_config
# sudo kill $(cat /var/run/sshd_root_allow.pid)

Then you can use sshfs to port 222 between the two commands as root :)

Bye,
Daniel
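
Added example, not part of Daniel's mail: one way to do the "edit the copy" step so that the three overrides actually take effect. A copy of a config that disallows root login will likely still carry its own Port, PidFile and PermitRootLogin lines, so appending new ones is not enough. The function names and the sample config are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original mail. Only Port 222, the PidFile path
# and "PermitRootLogin yes" come from the thread; the rest is constructed.

# Build the second daemon's config from the main one. sshd uses the first
# value it reads for PermitRootLogin and PidFile, and listens on every Port
# line, so the copied global settings are dropped and the overrides go first.
derive_root_sshd_config() {
    base=$1 out=$2
    (
        umask 077    # a newly created derived file is owner-readable only
        {
            printf '%s\n' 'Port 222' \
                'PidFile /var/run/sshd_root_allow.pid' \
                'PermitRootLogin yes'
            awk '{
                line = $0
                sub(/^[ \t]+/, "", line)       # keywords may be indented
                split(line, f, /[ \t=]+/)      # "Port 22" or "Port=22"
                kw = tolower(f[1])             # keywords are case-insensitive
                if (kw == "match") in_match = 1
                # Match blocks are kept: they still apply to what they match
                if (!in_match && (kw == "port" || kw == "pidfile" ||
                                  kw == "permitrootlogin")) next
                print
            }' "$base"
        } > "$out"
    )
}

# Count active (uncommented) global uses of a keyword, e.g. "port".
count_global() {
    awk -v want="$2" '{
        line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/)
        if (tolower(f[1]) == "match") exit
        if (tolower(f[1]) == want) n++
    } END { print n + 0 }' "$1"
}

# Constructed stand-in for /etc/ssh/sshd_config on the remote machine.
sample_base_config() {
    cat <<'EOF'
Port 22
#Port 2222
  permitrootlogin no
PidFile=/var/run/sshd.pid
PubkeyAuthentication yes
PasswordAuthentication no
EOF
}
```

Before starting the second daemon, `sshd -t -f /root/sshd_root_allow_config` checks the derived file for syntax errors without opening a port.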