Hi, I had probrem that I cannot login (or execute command) as root with RSA key.

The following is a summery of above.

* login as normal user with password : OK
* login as normal user with RSA key : OK
* execute command as normal user with password : OK
* execute command as normal user with RSA key : OK
* login as root with password : OK
* login as root with RSA key : Failed
* execute command as root with password : OK
* execute command as root with RSA key : Failed
* login as root with RSA key in "sshd -d" : OK!!!
* execute command as root with RSA key in "sshd -d" : OK!!!

I Checked

* /root has permission root:root 700
* /root/.ssh has permission root:root 700
* /root/.ssh/* has permission root:root 600
* RSAAuthentication yes in sshd_config.
* PubkeyAuthentication yes in sshd_config.
* AuthorizedKeysFile .ssh/authorized_keys in sshd_config
* authorized_keys file is exist and valid.
* PermitRootLogin yes in sshd_config.
* Client key file and permissions are valid.

Environment:

[Client]
* Manjaro Linux 0.8.13
* OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015
[Server]
* CentOS 7
* OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013

Why I cannot login as root with RSA key without -d option in sshd?

Thanks in advance.

A lot of systems are explicitly configured to stop direct root login via ssh.

You have to have and login in as ordinary user and sudo

I think this is configured either at the ssh or pam level (not sure which check both).

Or just go with the flow and sudo.

It was solved without my effort.
I tried again after system update and reboot. Then succeeded to login as root with RSA key.


---
Hi cyent, thank you for your reply.

I thought:

sudo requires tty, so it cannot use for execute command requiring root privilege in remote host.
For example, "btrfs receive."
"forced-commands-only" policy is just for it.

If there is authorization problem, it should failed to login also sshd -d.