06-01-2008
Quote:
Originally Posted by
vjkatsun
In public key it contains root@host1 - which is fine. Coz, am always logged as root in host1 - so no need to change
On host 2, when you try to log in as user@host1, sshd will look for a public key belonging to user@host1, not root@host1, even if you invoke ssh user@host2 in a root session on host1. Hence the need to edit the public key identification in the host2 authorized_keys. Or to create a new pair of keys for user.
To troubleshoot:
$ tail -f /var/log/auth.log | grep ssh # adapt to the log name or UID specific to your *nix box
and report errors when trying to connect.
Last edited by ripat; 06-01-2008 at 02:51 PM..
Reason: Add: trouble shoot
LEARN ABOUT OSF1
hosts.equiv
hosts.equiv(4) Kernel Interfaces Manual hosts.equiv(4)
NAME
hosts.equiv - A file containing the names of remote systems and users that can execute commands on the local system
SYNOPSIS
/etc/hosts.equiv
DESCRIPTION
The /etc/hosts.equiv file and the .rhosts file in a user's home directory contain the names of remote hosts and users that are equivalent
to the local host or user. An equivalent host or user is allowed to access a local nonsuperuser account with the rsh command or rcp
command, or to log in to such an account without having to supply a password.
The /etc/hosts.equiv file specifies equivalence for an entire system, while a user's .rhosts file specifies equivalence between that user
and remote users. The local user and the target system exist in the same area as the hosts.equiv file. The .rhosts file must be owned by
the user in whose home directory the file is located, or by the superuser. It cannot be a symbolic link.
Each line, or entry, in hosts.equiv or .rhosts may consist of the following:
    A blank line.
    A comment (begins with a #).
    A host name (a string of any printable characters except newline, #, or white space). In addition, an NIS netgroup can be specified in place of the host name.
    A host name followed by white space and a user name. In addition, an NIS netgroup can be specified in place of the host name, user name, or both.
    A single plus (+) character. This means any host and user.
    The keyword NO_PLUS. This keyword disallows the use of the plus character (+) to match any host or user on a system-wide basis. By default, the line containing this keyword is a comment. Remove the comment character to disallow the use of the plus character.
Entries in the hosts.equiv file are either positive or negative. Positive entries allow access; negative entries deny access. The following
entries are positive:
    host name
    user name
    +@netgroup
In addition, the plus sign (+) can be used in place of the host name or user name. In place of the host name, it means any remote host. In
place of the user name, it means any user.
The following entries are negative:
    -host name
    -user name
    -@netgroup
To be allowed access or denied access, a user's remote host name and user name must match an entry in hosts.equiv or .rhosts. The
hosts.equiv file is searched first; if a match is found, the search ends. Therefore, the order in which the positive and negative entries
appear is important. If a match is not found, .rhosts is searched if it exists in the user's home directory.
A host name or user name can match an entry in hosts.equiv in one of the following ways:
    The official host name (not an alias) of the remote host matches a host name in hosts.equiv.
    The remote user name matches a user name in hosts.equiv. If a user name parameter is included in the hosts.equiv file, this means that the remote user is a trusted user and is allowed to rlogin to any local user account without being prompted for a password. Otherwise, if the user name parameter is not specified in the hosts.equiv file, the name of the remote user must match that of the local user.
    If the remote user name does not match a user name in hosts.equiv, the remote user name matches the local user name.
CAUTIONS
For security purposes, the files /etc/hosts.equiv and .rhosts should exist and be readable and writable only by the owner, even if they are
empty.
EXAMPLES
The following are sample entries in an /etc/hosts.equiv file:
    # Allows access to users on host1 and host2 that have accounts on this host:
    host1
    host2
    # Allows access to user johnson on host1 to any local user:
    host1 johnson
    # Allows access to all users on systems specified in netgroup chicago
    +@chicago
    # Denies access to users specified in netgroup finance on host5
    host5 -@finance
    # Allows access to all users on all systems except root
    + -root
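An added example, not part of the manual page or the forum thread: a small Python audit that applies the entry rules and the CAUTIONS permission rule described above to a hosts.equiv or .rhosts file. The function names are assumptions of this example, and the sample input is constructed from the EXAMPLES entries.

```python
import os
import stat

# Constructed sample input: the entries from the EXAMPLES section above.
SAMPLE = """\
# sample /etc/hosts.equiv
host1
host2
host1 johnson
+@chicago
host5 -@finance
+ -root
"""

def audit_entries(text):
    """Return (line_no, entry, finding) for each entry that widens trust."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Blank lines, comments and the NO_PLUS keyword are not host entries.
        if not fields or fields[0].startswith("#") or fields[0] == "NO_PLUS":
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        entry = " ".join(fields[:2])
        if host == "+":
            findings.append((no, entry, "'+' as host: matches any remote host"))
        if user == "+":
            findings.append((no, entry, "'+' as user: matches any remote user"))
        elif user and not user.startswith("-"):
            findings.append((no, entry, "remote user trusted for any local account"))
    return findings

def mode_findings(path):
    """CAUTIONS check: present and owner-only; the symlink rule is stated for .rhosts."""
    try:
        st = os.lstat(path)  # lstat so a symbolic link is seen, not followed
    except FileNotFoundError:
        return ["missing: the file should exist even if empty"]
    out = []
    if stat.S_ISLNK(st.st_mode):
        out.append("is a symbolic link")
    if st.st_mode & 0o077:
        out.append("group/other permission bits set: %o" % stat.S_IMODE(st.st_mode))
    return out

if __name__ == "__main__":
    for no, entry, why in audit_entries(SAMPLE):
        print("line %d: %-15s %s" % (no, entry, why))
    for path in ("/etc/hosts.equiv", os.path.expanduser("~/.rhosts")):
        print(path, mode_findings(path) or "ok")
```

Negative entries and netgroup entries are left unflagged here; only the wildcard and trusted-user forms that the page describes as granting broad access are reported.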
RELATED INFORMATION
Commands: rcp(1), rlogin(1), rsh(1)
Functions: ruserok(3).
Files: netgroup(4)
Daemons: rlogind(8), rshd(8)
hosts.equiv(4)