Debian: SSH: "PermitRootLogin=forced-commands-only" stopped working
- by Brent
I have several servers running Debian Lenny.
Just recently I discovered the PermitRootLogin=forced-commands-only directive for ssh, which allows me to run a scripted rsync as root with an ssl key, without enabling more generalized root ssh access.
However, last week this stopped working - it appears on all of my servers - and I can't figure out why.
Everything continues to work fine with PermitRootLogin=yes, but I would prefer to block root logins - especially via passwords.
The day it stopped working, we reconfigured some of the ports on one of our switches (which we later reverted), but I can't see that affecting this, since it still works with PermitRootLogin set to yes.
How can I diagnose why the forced-commands-only directive has apparently stopped working?