So my understanding of your question is that you want to have passwordless ssh command only work if its invoked by a particular script?
Really, the only reasonable way I can think to do that is:
1) push the passwordless ability to some other user
2) have that script be invoked via a sudo to that user and only that script.
That would get you to the point where you would do something like:
Ultimately, it's about removing the shared account's ability to directly use the public/private key associated with the remote login. Whether that involves pushing the passwordless functionality to a different user and just control who can run the script as the newer user (as described above) or leaving it in place and having people use a different shared account, that's what needs to happen.
Hi @ all!
I've a problem with a ssh-connection.
I want to establish a ssh-connection between an AIX-System and an SunOS-System without a password.
The Users are different one's.
Command :
user1@server1 /home/user1 > ssh user2@server2
Is it possible?
Greetings olli-h (1 Reply)
When i was connecting the Solaris system by sftp . i got the following error.
"Warning: child process (/usr/local/bin/ssh2) exited with code 74."
Could any one help, how to fix it ? (1 Reply)
My problem is this....:eek:
Platform=Sun Solaris UNIX / Oracle 10g
1) I'm trying to SSH from my local system A to remote system B
2) Once connected, I need to sudo to ID that has the ability to connect to the Oracle database
3) Then run a script that connects via sqlplus and... (2 Replies)
Hi i am trying to do ssh without password between 2 aix servers.
before i generate the keys, i am able to do the ssh & it is asking for password & i am able to login.
========================
# ssh 172.29.150.77
root@172.29.150.77's password:
========================
but when i generate rsa... (1 Reply)
Hi everybody,
I am running a program on a supercomputer via my personal computer through a ssh connection. My program take more than a day to run, so when I left work with my PC I stop the connection with the supercomputer and the program stop.
I am wondering if someone know how I can manage... (2 Replies)
Hi!
I know its a recurring problem, but I am failing to sort this out, I have two servers ( A and B), in which I am able to connect without having to put password from server B to server A, but the connect from server A to server B.
takes 7 minutes to establish???
on Server A, I have the... (7 Replies)
Hello guys!
I am setting up a script to access a unix remote server. My problem is that when I put the ssh line "my host", the script does not wait for the server response asking for the password to execute the line in which I put the password, that is, I need to put a form in which script has a... (1 Reply)
Hi,
I want to validate ssh connection one after one for multiple servers..... password less keys already setup but now i want to validate if ssh is working fine or not...
I have .sh script like below and i have servers.txt contains all the list of servers
#/bin/bash
for host in $(cat... (3 Replies)
Discussion started by: sreeram4
3 Replies
LEARN ABOUT MOJAVE
sc_auth
sc_auth(8) BSD System Manager's Manual sc_auth(8)NAME
sc_auth -- SmartCard authorization setup script
SYNOPSIS
sc_auth pair [-v] -u user -h hash
sc_auth unpair [-v] [-u user] [-h hash]
sc_auth pairing_ui [-v] [-f] [-s enable|disable|status]
sc_auth identities
sc_auth list [-v] [-u user] [-d domain]
sc_auth changepin [-t tokenid] [-u]
sc_auth enable_for_login -c class-id
SYNOPSIS - legacy
sc_auth accept [-v] [-u user] [-d domain] [-k keyname]
sc_auth accept [-v] [-u user] [-d domain] -h hash
sc_auth remove [-v] [-u user] [-d domain]
sc_auth hash [-k keyname]
DESCRIPTION
sc_auth configures a local user account to permit authentication using a supported SmartCard. Authentication is via asymmetric key (also
known as public-key) encryption. sc_auth works with signing keys, but not encryption keys.
sc_auth can perform the following actions:
pair Associate a user with a public key. Because user's keychain will be modified to be unlockable by a key, SmartCard with that key must
be present in the reader. The key to use has to be specified by its hash.
unpair Remove association with a user and keychain. If no specific hash is provided, all associations with a user are removed.
pairing_ui
Enable, disable and force to display pairing dialog when card with unpaired identities is inserted
identities
List all identities on all SmartCards and display appropriate associations with users (for associated keys) or key names (for unas-
sociated keys).
list List all public keys associated with a user.
changepin
Change or unblock SmartCard PIN. This command works only for Personal Identity Verification (PIV) SmartCards. With -u argument, PIN
can be unblocked using PUK and without the -u argument, PIN can be changed. Optional -t argument allows specifying tokenID.
enable_for_login
Enable the app extension for login and make the token available to the system for authentication.
DESCRIPTION - legacy
sc_auth can perform the following legacy actions:
accept Associate a user with a public key on a card. The key to use can be specified either by its name or its hash.
remove Remove all public keys associated with a user.
hash Print the hashes for all keys on all inserted cards.
OPTIONS -u user Specifies the user whose account is to be modified
-d domain
Specifies the directory domain containing the user account
-k keyname
Specifies a public key by its name
-h hash Specifies a public key by its hash
-v Verbose mode
-f Force to display pairing dialog
-t tokenid
Specifies a token by tokenID
-c class-id
Specifies a token by 'com.apple.ctk.class-id' from Info.plist
NOTES
sc_auth is a shell script. It is intended to be modified by administrators to suit their local environments.
sc_auth is only known to work with a local directory. Consult the script's source for some limited guidance to using remote directories.
SEE ALSO SmartCardServices(7), SmartCardServices-legacy(7), pam_smartcard(8)MacOSX December 11, 2006 MacOSX