06-01-2008
SSH prompts password for non identical users
host1 & host2 : Solaris 10 - SPARC server
From host1 able to ssh to host2 as same user with out password prompt. But, when ssh to different user in
host2, it prompts for password
DETAILS
=======
In host1:
1) logged as root
2) ssh-keygen -t dsa -b 1024 (no pass phrase)
3) Ensured that permission for /.ssh is 700 & for id_dsa is 600
4) copied id_dsa.pub to host2 : /.ssh
In host2:
1) logged as root
2) cp /.ssh/id_dsa.pub /.ssh/authorized_keys
3) Ensured that permission for /.ssh is 700 & for authorized_keys is 644
From host1:
1) Login as root
2) ssh host2 - Successfully logs in with OUT asking for the password
In host2
1) created a new userid - abcd - homedir /opt/abcd
2) created /opt/abcd/.ssh - 700
3) copied /.ssh/authorized_keys to /opt/abcd/.ssh/authorized_keys 644
From host1:
1) Login as root
2) ssh abcd@host2 - prompts for password.
What should be done so that, from host1, I can ssh for any user in host2 without getting the password prompt
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi there
Probably a really simple question but I am writing an install script and at certain stages of the install (ie creating a table in mysql) the system prompts for you to enter a password, I was wondering, how do I script this input so that the install doesnt keep stopping for manual... (3 Replies)
Discussion started by: hcclnoodles
3 Replies
2. UNIX for Advanced & Expert Users
I would like to log all the commands that are entered on an ssh client. I can do this successfully, however, I dont want to log user logins and passwords. Is there any way to identify passwords and avoid them? For example, I can look for a string 'password:' and ignore everything until a nl/cr. Is... (2 Replies)
Discussion started by: balag
2 Replies
3. UNIX for Dummies Questions & Answers
How can I know users have changed their passwords ? I don't need their password (!) I have to know if they have changed their pass word and when ?
Thank you in advance for any SIMPLE answer. (6 Replies)
Discussion started by: annemar
6 Replies
4. Solaris
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies
5. Red Hat
I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully).
Note: 'passwd -d Rynok' removes... (3 Replies)
Discussion started by: Rynok
3 Replies
6. UNIX Desktop Questions & Answers
Hi there,
I'm working with a Linux server and now I can get a daily Logwatch mail ... my question is:since there are too many users with root password (...in my opinion... :mad:) how could I prevent to delete information about "su" log?
Thanks in advance,
GB (3 Replies)
Discussion started by: Giordano Bruno
3 Replies
7. AIX
Hi
I have experienced this for years and just put up with it. However a client of mine now wants to stop this happening to their users. I have scoured the internet but can find no reference to the problem. I tried switching to PAM authentication thinking this might help but it made no... (6 Replies)
Discussion started by: johnf
6 Replies
8. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
9. Shell Programming and Scripting
Hi, I'm writing a script,
in the script I need to use tcpdump to capture some packets
however it needs root priviledge
my computer is configured by school and I have no real root priviledge
so I can't use sudo on my computer,like
Code:
sudo tcpdump ......
I have to use a limited... (1 Reply)
Discussion started by: esolve
1 Replies
10. Red Hat
Hello Experts,
when I am trying to connect my target server through sftp after creating ssh password less setup, it is asking for passowrd to connect.
to setup this I followed below process:
-->generated keys by executing the command "ssh-keygen -t rsa"
-->this created my .ssh directory... (9 Replies)
Discussion started by: Devipriya Ch
9 Replies
LEARN ABOUT OPENSOLARIS
scp
scp(1) User Commands scp(1)
NAME
scp - secure copy (remote file copy program)
SYNOPSIS
scp [-pqrvBC46] [-F ssh_config] [-S program] [-P port]
[-c cipher] [-i identity_file] [-o ssh_option]
[ [user@]host1:]file1 []... [ [user@]host2:]file2
DESCRIPTION
The scp utility copies files between hosts on a network. It uses ssh(1) for data transfer, and uses the same authentication and provides
the same security as ssh(1). Unlike rcp(1), scp will ask for passwords or passphrases if they are needed for authentication.
Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two
remote hosts are permitted.
OPTIONS
The following options are supported:
-4 Forces scp to use IPv4 addresses only.
-6 Forces scp to use IPv6 addresses only.
-B Selects batch mode. (Prevents asking for passwords or passphrases.)
-c cipher Selects the cipher to use for encrypting the data transfer. This option is directly passed to ssh(1).
-C Compression enable. Passes the -C flag to ssh(1) to enable compression.
-F ssh_config Specifies an alternative per-user configuration file for ssh(1.).
-i identity_file Selects the file from which the identity (private key) for RSA authentication is read. This option is directly passed
to ssh(1).
-o ssh_option The given option is directly passed to ssh(1).
-p Preserves modification times, access times, and modes from the original file.
-P port Specifies the port to connect to on the remote host. Notice that this option is written with a capital `P', because -p
is already reserved for preserving the times and modes of the file in rcp(1).
-q Disables the progress meter.
-r Recursively copies entire directories.
-S program Specifies the name of the program to use for the encrypted connection. The program must understand ssh(1) options.
-v Verbose mode. Causes scp and ssh(1) to print debugging messages about their progress. This is helpful in debugging con-
nection, authentication, and configuration problems.
OPERANDS
The following operands are supported:
host1, host2,... The name(s) of the host from or to which the file is to be copied.
file1, file2,... The file(s) to be copied.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
rcp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), sshd(1M), ssh_config(4), attributes(5)
NOTES
Generally, use of scp with password or keyboard-interactive authentication method and two remote hosts does not work. It does work with
either the pubkey, hostbased or gssapi-keyex authentication method. For the pubkey authentication method, either private keys not pro-
tected by a passphrase, or an explicit ssh agent forwarding have to be used. The gssapi-keyex authentication method works with the ker-
beros_v5 GSS-API mechanism, but only if the GSSAPIDelegateCredentials option is enabled.
SunOS 5.11 22 Jun 2007 scp(1)