Ssh connection | Unix Linux Forums | Red Hat

Ssh connection

#1  01-02-2013
maddy26615

Hi,

I have an ssh connection between two servers for a functional ID, for SFTP purposes.

My aim is to set this up so that it only works when the command below is used by a .ksh script.

ssh userid@servername:/directory

Unfortunately, users who have access to the functional ID are manually using the above command and moving files between these two servers. I want to restrict this manual login and activate it only for scripts that contain the above command.

Please advise

Thanks.
#2  01-02-2013
admin_xor
You have to specify ChrootDirectory in /etc/ssh/sshd_config which will be chroot-ed during an sftp session. You may make this as the home directory for the "functional ID" (shared ID I suppose).


Code:
ChrootDirectory=/directory

#3  01-02-2013
thmnetwork
So my understanding of your question is that you want to have the passwordless ssh command only work if it's invoked by a particular script?

Really, the only reasonable way I can think to do that is:
1) push the passwordless ability to some other user
2) have that script be invoked via a sudo to that user and only that script.

That would get you to the point where you would do something like:


Code:
sudo -iu newUser /path/to/script.ksh

Ultimately, it's about removing the shared account's ability to directly use the public/private key associated with the remote login. Whether that involves pushing the passwordless functionality to a different user and just controlling who can run the script as the newer user (as described above) or leaving it in place and having people use a different shared account, that's what needs to happen.
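
The sudo arrangement described in post #3, sketched as an added example that is not part of the thread or any poster's own code: one function writes a sudoers drop-in allowing a group to run only the script as the key-owning user, the other checks that the private key is readable by that user alone. The group name `sftpops` is an assumption; `newUser` and `/path/to/script.ksh` are the placeholders from the post.

```shell
#!/bin/sh
# Added example, not from the thread. "sftpops" is an assumed group name;
# newUser and /path/to/script.ksh are the placeholders used in post #3.

# Write a sudoers drop-in: members of GROUP may run only SCRIPT, only as SVC_USER.
write_sudoers_rule() {
    out=$1 group=$2 svc_user=$3 script=$4
    # Refuse names that could smuggle extra sudoers syntax into the rule.
    for name in "$group" "$svc_user"; do
        case "$name" in
            ''|*[!A-Za-z0-9_-]*) echo "bad user or group name" >&2; return 1 ;;
        esac
    done
    case "$script" in
        *[!A-Za-z0-9_./-]*) echo "unsafe character in script path" >&2; return 1 ;;
        /*) ;;                                   # sudoers wants an absolute path
        *) echo "script path must be absolute" >&2; return 1 ;;
    esac
    printf '%%%s ALL=(%s) %s\n' "$group" "$svc_user" "$script" > "$out" || return 1
    chmod 0440 "$out" || return 1
    # Syntax-check the fragment before it is copied into /etc/sudoers.d.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$out" >/dev/null || return 1
    fi
}

# Succeed only if KEY is a regular file owned by OWNER with no group/other
# permission bits, so the shared account cannot read the private key itself.
key_is_private_to() {
    key=$1 owner=$2
    [ -f "$key" ] && [ ! -L "$key" ] || return 1
    info=$(ls -ld -- "$key") || return 1
    actual_owner=$(printf '%s\n' "$info" | awk '{print $3}')
    [ "$actual_owner" = "$owner" ] || return 1
    case "$info" in
        -???------*) return 0 ;;                 # e.g. -rw------- or -r--------
        *) return 1 ;;
    esac
}

# Typical use, as root (paths below are illustrative):
#   write_sudoers_rule /root/sftp-script.sudoers sftpops newUser /path/to/script.ksh
#   key_is_private_to /home/newUser/.ssh/id_rsa newUser
```

The script itself should also be writable only by root or the new user; otherwise anyone who can edit it can run arbitrary commands with the key.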