01-28-2008
SSH keys and command limiting ...
Hi, I've just been trying to set up so that server1 can ssh into server2 and execute a limited set of commands only without password login. I want it also to be able to login with a password if no command given at all though (bit I'm stuck on).
I have got this almost working with authorized_keys and
from="hostofserver1",command="/pathtocomandstocheck.sh" <rest of key> in authorized_keys file.
This all works fine, so I can "ssh server2 ls" and all works fine (as I have allowed ls in the script). If I enter a wrong command it doesn't do anything and kicks me out. So far so good.
Only problem is that with that key/entry in place, I can no longer login to the box normally if wanted with a normal password.
So I want to be able to "ssh server1 ls" checks keys and it works, no password needed. Or just "ssh server1" and it asks for a password, and assuming correct gives me a shell.
Any ideas, just the last bit I'm stuck on.
Thanks in advance.
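A forced-command wrapper of the kind the post describes, as an added example that is not the poster's script. The allowlist, the function names and the SSH_CONNECTION guard are assumptions made for illustration; sshd passes the client's requested command in SSH_ORIGINAL_COMMAND and leaves it unset when no command was given.

```shell
#!/bin/sh
# Added example: wrapper for an authorized_keys command="..." entry.
# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run; it is
# unset when the client requested an interactive shell.
LC_ALL=C; export LC_ALL

# Constructed allowlist: the exact command lines this key may run.
ALLOWED='ls
uptime
df -h'

# check_command CMD
#   returns 0 if CMD is exactly one allowlisted line,
#           2 if CMD is empty (no command given),
#           1 otherwise.
check_command() {
    cmd=$1
    [ -n "$cmd" ] || return 2
    case $cmd in
        # Anything outside this set (; | & $ ` * newline ...) is refused
        # before the allowlist lookup.
        *[!A-Za-z0-9' './_-]*) return 1 ;;
    esac
    # -F fixed string, -x whole line: "ls -la" does not match "ls".
    printf '%s\n' "$ALLOWED" | grep -Fxq -- "$cmd"
}

run_forced_command() {
    rc=0
    check_command "${SSH_ORIGINAL_COMMAND:-}" || rc=$?
    case $rc in
        # Unquoted on purpose: split into argv words, never re-parsed by a shell.
        0) exec $SSH_ORIGINAL_COMMAND ;;
        2) echo "no command given: this key only runs listed commands" >&2
           exit 1 ;;
        *) echo "command not permitted" >&2
           exit 1 ;;
    esac
}

# Dispatch only when started by sshd, which sets SSH_CONNECTION.
if [ -n "${SSH_CONNECTION:-}" ]; then
    run_forced_command
fi
```

The distinct return code for an empty SSH_ORIGINAL_COMMAND marks the "ssh with no command" case the post asks about, so it can be logged or handled separately from a refused command.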
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)
NAME
ssh-keysign -- ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authentication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-based authentication is used.
/etc/ssh/ssh_host_dsa_key-cert.pub
/etc/ssh/ssh_host_ecdsa_key-cert.pub
/etc/ssh/ssh_host_rsa_key-cert.pub
If these files exist they are assumed to contain public certificate information corresponding with the private keys above.
SEE ALSO
ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
AUTHORS
Markus Friedl <markus@openbsd.org>
BSD August 31, 2010 BSD