Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Ssh connection
Operating Systems Linux Red Hat Ssh connection Post 302750903 by thmnetwork on Wednesday 2nd of January 2013 07:07:25 PM
Old 01-02-2013
So my understanding of your question is that you want to have passwordless ssh command only work if its invoked by a particular script?

Really, the only reasonable way I can think to do that is:
1) push the passwordless ability to some other user
2) have that script be invoked via a sudo to that user and only that script.

That would get you to the point where you would do something like:

Code:
sudo -iu newUser /path/to/script.ksh

Ultimately, it's about removing the shared account's ability to directly use the public/private key associated with the remote login. Whether that involves pushing the passwordless functionality to a different user and just control who can run the script as the newer user (as described above) or leaving it in place and having people use a different shared account, that's what needs to happen.
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

ssh connection

pls how do i connect to my freebsd server via ssh from a windows client?? I have sshd running on d freebsd server. (9 Replies)
Discussion started by: lealyz
9 Replies

2. UNIX for Dummies Questions & Answers

ssh connection

Hi @ all! I've a problem with a ssh-connection. I want to establish a ssh-connection between an AIX-System and an SunOS-System without a password. The Users are different one's. Command : user1@server1 /home/user1 > ssh user2@server2 Is it possible? Greetings olli-h (1 Reply)
Discussion started by: olli-h
1 Replies

3. Solaris

ssh connection failed.

When i was connecting the Solaris system by sftp . i got the following error. "Warning: child process (/usr/local/bin/ssh2) exited with code 74." Could any one help, how to fix it ? (1 Reply)
Discussion started by: nag.mi2000
1 Replies

4. Shell Programming and Scripting

SSH Connection To Oracle

My problem is this....:eek: Platform=Sun Solaris UNIX / Oracle 10g 1) I'm trying to SSH from my local system A to remote system B 2) Once connected, I need to sudo to ID that has the ability to connect to the Oracle database 3) Then run a script that connects via sqlplus and... (2 Replies)
Discussion started by: khand67
2 Replies

5. AIX

ssh connection closed by ip

Hi i am trying to do ssh without password between 2 aix servers. before i generate the keys, i am able to do the ssh & it is asking for password & i am able to login. ======================== # ssh 172.29.150.77 root@172.29.150.77's password: ======================== but when i generate rsa... (1 Reply)
Discussion started by: makarand.bhatka
1 Replies

6. UNIX for Advanced & Expert Users

How keep running a program n an another computer via a connection ssh when the connection is closed?

Hi everybody, I am running a program on a supercomputer via my personal computer through a ssh connection. My program take more than a day to run, so when I left work with my PC I stop the connection with the supercomputer and the program stop. I am wondering if someone know how I can manage... (2 Replies)
Discussion started by: TomTomGre
2 Replies

7. UNIX for Advanced & Expert Users

Connection-less using ssh

Hi! I know its a recurring problem, but I am failing to sort this out, I have two servers ( A and B), in which I am able to connect without having to put password from server B to server A, but the connect from server A to server B. takes 7 minutes to establish??? on Server A, I have the... (7 Replies)
Discussion started by: fretagi
7 Replies

8. BSD

Connection SSH to remote by ssh

Hello guys! I am setting up a script to access a unix remote server. My problem is that when I put the ssh line "my host", the script does not wait for the server response asking for the password to execute the line in which I put the password, that is, I need to put a form in which script has a... (1 Reply)
Discussion started by: aroucasp
1 Replies

9. UNIX for Beginners Questions & Answers

Ssh script to validate ssh connection to multiple serves with status

Hi, I want to validate ssh connection one after one for multiple servers..... password less keys already setup but now i want to validate if ssh is working fine or not... I have .sh script like below and i have servers.txt contains all the list of servers #/bin/bash for host in $(cat... (3 Replies)
Discussion started by: sreeram4
3 Replies

LEARN ABOUT DEBIAN

molly-guard

MOLLY-GUARD(8)							  [FIXME: manual]						    MOLLY-GUARD(8)

NAME

       molly-guard - guard against accidental shutdowns/reboots

SYNOPSIS

       shutdown [-hV] [--molly-guard-do-nothing] [-- script_options]

       halt [-hV] [--molly-guard-do-nothing] [-- script_options]

       reboot [-hV] [--molly-guard-do-nothing] [-- script_options]

       poweroff [-hV] [--molly-guard-do-nothing] [-- script_options]

DESCRIPTION

       molly-guard attempts to prevent you from accidentally shutting down or rebooting machines. It does this by injecting a couple of checks
       before the existing commands: halt, reboot, shutdown, and poweroff. This happens via scripts with the same names in /usr/sbin, so it only
       works if you have /usr/sbin before /sbin in your PATH!

       Before molly-guard invokes the real command, all scripts in /etc/molly-guard/run.d/ have to run and exit successfully; else, it aborts the
       command.  run-parts(1) is used to process the directory.

       molly-guard passes any script_options to the scripts, and also populates the environment with the following variables:

       o   MOLLYGUARD_CMD - the actual command invoked by the user.

       o   MOLLYGUARD_DO_NOTHING - set to 1 if this is a demo-run.

       o   MOLLYGUARD_SETTINGS - the path to a shell script snippet which scripts can source to obtain settings.

       molly-guard prints the contents of /etc/molly-guard/messages.d/COMMAND or /etc/molly-guard/messages.d/default to the console, if either
       exists. This is due to /etc/molly-guard/run.d/10-print-message.

GUARDING SSH SESSIONS

       molly-guard was primarily designed to shield SSH connections. This functionality (which should arguably be provided by the openssh-server
       package) is implemented in /etc/molly-guard/run.d/30-query-hostname.

       This script first tests whether the command is being executed from a tty which has been created by sshd. It also checks whether the
       variable SSH_CONNECTION is defined. If any of these tests are successful, test script queries the user for the machine's hostname, which
       should be sufficient to prevent the user from doing something by accident.

       You can pass the --pretend-ssh script option to molly-guard to pretend that those tests succeeds. Alternatively, setting
       ALWAYS_QUERY_HOSTNAME in /etc/molly-guard/rc causes the script to always query.

       The following situations are still UNGUARDED. If you can think of ways to protect against those, please let me know!

       o   running sudo within screen or screen within sudo; sudo eats the SSH_CONNECTION variable, and screen creates a new pty.

       o   executing those command in a remote terminal window, that is a XTerm started on a remote machine but displaying on the local X server.

       You have been warned. You can use the --molly-guard-do-nothing switch to prevent anything from happening, e.g.  halt
       --molly-guard-do-nothing.

OPTIONS

       --molly-guard-do-nothing
	   Cause molly-guard to print the command which would be executed, after processing all scripts, instead of executing it.

       -h, --help
	   Display usage information.

       -V, --version
	   Display version information.

SEE ALSO

       shutdown(8), halt(1), reboot(8), poweroff(8).

LEGALESE

       molly-guard is copyright by martin f. krafft. Andrew Ruthven came up with the idea of using the scripts directory and submitted a patch,
       which I modified a bit.

       This manual page was written by martin f. krafft madduck@madduck.net.

       Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0

COPYRIGHT

       Copyright (C) 2008 martin f. krafft

[FIXME: source] 						   Apr 19, 2008 						    MOLLY-GUARD(8)
All times are GMT -4. The time now is 10:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy