2001-Mar-28

[debian] Noticed that my nightly (rsync via ssh) backups from pilchuck to rainier were not working. They had stopped working around Jan. 29 or after. RSA authentication was refused and it then prompted for password. (It runs from cron so it must just timeout.) (On March 28, I realized that my sendmail replacement was broken and this is why cron couldn't tell me.) Manually, I could not log in with password either. So I ran sshd on pilchuck with "-d" and received: "ROOT LOGIN REFUSED FROM". So I changed the /etc/ssh/sshd_config's PermitRootLogin from "no" to "yes". I am not yet sure how this worked before. My (NetBSD) diary says I did a apt-get upgrade on Jan. 30 on the Debian box. From looking at the status of current packages (under /var/lib/dpkg), I see status.yesterday.3.gz (Jan 30 13:58) has openssh Version: 1:1.2.3-9.1 and status.yesterday.4.gz (Sep 21 2000) has openssh Version: 1:1.2.2-1.4. The sshd manual page says:

Root login with RSA authentication when the command option has been specified will be allowed regardless of the value of this setting (which may be useful for taking remote backups even if root login is normally not allowed).

It also has a "without-password" option for PermitRootLogin. Made my mailout ignore bogus options -- now works with cron.

Today I realized my mailout is broken. It doesn't work with cron (/usr/sbin/sendmail -FCronDaemon -odi -oem -oi -or0s -t), so all my problems and regular output from cron disappear. (This explains why I didn't know why my backups were not being done.) I modified mailout so it ignores bogus -options instead of using them as usernames.