Tuesday, December 5, 2023
 Popular · Latest · Hot · Upcoming
rated 0 times [  0] [ 0]  / answers: 1 / hits: 1105  / 1 Year ago, mon, august 29, 2022, 1:39:29

I'd like to configure sshd_config to allow remote root logins without prompting for a password, but I do not want to configure passwordless ssh by copying the remote public key. In other words, I'd like to allow ssh root@host from anywhere without a password prompt. Is this possible to accomplish?


Some more info:


PermitEmptyPasswords yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes

# passwd --delete root
# service ssh restart

sh@sh-desktop:~$ su - root
su: Authentication failure

sh@sh-desktop:~$ ssh -vvv root@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.

I also tried to set UsePAM no, but than I cannot login at all. Perhaps something needs to be done in PAM config.

More From » server


Turns out the following was required, in addition to the mentioned parameters in sshd_config.

edit /etc/pam.d/common-auth
change nullok_secure to nullok

auth    [success=1 default=ignore]  pam_unix.so nullok

For example:

Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 4.2.0-27-generic x86_64)

$ ssh [email protected]
[email protected]'s password:
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 4.2.0-27-generic x86_64)

ssh [email protected]
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 4.2.0-27-generic x86_64)

The meaning of nullok_secure is documented in the older version of the pam_unix man page. In Ubuntu 22 the option nullok_secure got removed.

[#435] Monday, August 29, 2022, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.

Total Points: 64
Total Questions: 115
Total Answers: 109

Location: Saint Helena
Member since Tue, Nov 3, 2020
3 Years ago
hergy questions
Tue, Aug 31, 21, 08:36, 2 Years ago
Thu, Mar 31, 22, 11:18, 2 Years ago