I have centos5.
Is there any way that i can log into my vps server with root user from particular ip address only.
I have read that i can use private key to login into sshd. But the problem is i am using SFTP for all my webistes and i don't want non IT users to use keys to login with SFTP.
OR is there any way that only root can use keys to login into shell but for others its normal password
A better way now is to use the Match keyword:
Match Host myworkstation
PermitRootLogin yes
or
Match Address 192.168.1.100
PermitRootLogin yes
That way, you can leave PermitRootLogin set to 'no', but you can still log in as root from your workstation.
This can also be used, for example, to allow root to rsync data between two hosts.
It is generally a better practice to log in as a non-privileged user first then use 'su -' or 'sudo' to gain root privileges, but...
You could always put the IP restriction on your key in ~root/.ssh/authorized_keys:
from="192.168.1.100" ssh-rsa AAAAh9uif...auwehuf== yourkey@yourhost.com
This would allow ssh using the yourkey@yourhost.com key only from 192.168.1.100.
Use:
PermitRootLogin without-password
In /etc/ssh/sshd_config. Every user excluding root will be allowed to use password logins. Root needs to use keys to login.
Edit sshd_config (usually in /etc/ssh), and add or change the following directives
PermitRootLogin yes
AllowUsers root@thehosttoallow
Then restart the daemon
service ssh restart
First, why would you want to prevent users from using key auth? That makes no sense to me.
Second, don't allow root login via ssh. Just don't do it - there's no good reason for needing to do so. It goes against every best practice out there, and for good reason. If you need to grant permissions to read/write certain files, you should be able to do so through the standard linux filesystem permissions. If you need more fine-grained access control, look into the linux ACL system.
