|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
possible to lock accounts (passwd -l) and still allow acct to ssh to other server?
Post 302253476 by nitin on Friday 31st of October 2008 05:01:12 PM
10-31-2008
Even though the accounts are not directly logging in, they still need to login and hence cannot be set to /bin/false or /bin/nologin.
The only thing I can think of is to have users execute batch files from some other system. The batch file connects to your prod servers using only SSH keys and do what ever they have to do.
That way users don't have to 'su' on your Production and accidentally lock up the accounts.
Use SSH keys. You can even restrict IP or hostname access with these keys.
P.S. I would tell users to stop 'su' if they are not sure about the password first time...
HTH,
Nitin
The only thing I can think of is to have users execute batch files from some other system. The batch file connects to your prod servers using only SSH keys and do what ever they have to do.
That way users don't have to 'su' on your Production and accidentally lock up the accounts.
Use SSH keys. You can even restrict IP or hostname access with these keys.
P.S. I would tell users to stop 'su' if they are not sure about the password first time...
HTH,
Nitin
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello All,
I am a student sys admin and not a professional. I'd like to know how can I migrate the user accounts in the current server to a new server( to be installed) non-destructively. Also in what way the old server can be used after installation of the new server. I'd sincerely... (2 Replies)
Discussion started by: maybemedic
2 Replies
2. UNIX for Dummies Questions & Answers
Hi Admin,
I need a help regarding to lock the user for 5 days..
for example i want to lock user account from Monday 1.00AM to Friday 1.00PM..
is there any method to do from Cron or passwd command.
Regards,
Prem :cool: (2 Replies)
Discussion started by: Prem
2 Replies
3. UNIX for Advanced & Expert Users
I'd just like to know what you use for user account management on your DMZ servers?
Do you use the same authentication realm as internally?
Do you use a different authentication realm, perhaps only for the DMZ?
Do you use local accounts? (2 Replies)
Discussion started by: humbletech99
2 Replies
4. Solaris
I have turned off PermitEmptyPasswords in sshd_config, but a user with empty passwd (deleted by passwd -d user) can still login without password, why? it is big security concern, linux doesn't have the issue.
$ uname -a
SunOS 5.10 Generic_118855-14 i86pc i386 i86pc
... (8 Replies)
Discussion started by: honglus
8 Replies
5. Solaris
Hi,
I need to Change passwd for bulk servers using SSH script.
I have one server, from which i can reach all the servers without password via SSH.
There is some expect script, from which i can achieve it.
Can any one help me out here.
Thanks in advance.
Vicky (1 Reply)
Discussion started by: vickyingle5
1 Replies
6. Cybersecurity
Hi all,
I am having some issues with openssh vers OpenSSH_4.6p1 on SCO unixware 7.1.4
when a user accesses the system via ssh and the password is incorrect and more attempts have been made that the lock out limit I find that although there are messages in the syslog the account does not lock... (0 Replies)
Discussion started by: chlawren
0 Replies
7. Red Hat
Hi friends,
I must to give ssh connection to own customer.
So I want to lock ssh user on own home directory. It is not necessery to reach other folders. I know that ftp user can lock on own folder but I don't know how to lock ssh user.
I am waitting your kindly helps :D
---------- Post... (10 Replies)
Discussion started by: getrue
10 Replies
8. UNIX for Dummies Questions & Answers
I am trying to obtain all user accounts and their respective home directories.
/etc/passwd contains the required information, but I want to filter it to only show the uid,username and home directory path.
I am working on a Solaris 11 machine.
I made a little headway so far, but I got stuck... (7 Replies)
Discussion started by: Hijanoqu
7 Replies
9. UNIX and Linux Applications
i am new to scripting ,i need bash script in jump server to pull the /etc/passwd of all servers and the ssh keys are installed (3 Replies)
Discussion started by: profiles
3 Replies
10. Shell Programming and Scripting
Hi All, Wishes!!
I need some help to prepare a script to copy the public key from admin host to multiple client hosts to make them login without password.
Detailed :
I have an admin host "admin1" and i generated sshkeygen, now i have id_rsa.pub and i have around 50 client hosts. i... (4 Replies)
Discussion started by: kumar85shiv
4 Replies
LEARN ABOUT DEBIAN
partimaged-passwd
partimaged-passwd(8) Partition Image Server Configuration partimaged-passwd(8) NAME
partimaged-passwd - Manage partimaged user accounts SYNTAX
partimaged-passwd [-Dhl] username password partimaged-passwd [-Dhl] username DESCRIPTION
partimaged can either authenticate against local user accounts (This needs access to /etc/shadow. As this is a potential security risk this method is not recommended) or its own password database in /etc/partimaged/passwd.db. To simplify the management of the partimaged user database this tool was written. It allows to easily add and remove users or list the users in the database. All users in this database are allowed to access the partimaged server. OPTIONS
-D username Delete the specified user from the password file. -l List users in password file and exit. -h Output help information and exit. FILES
/etc/partimaged/passwd.db AUTHORS
Michael Biebl <biebl@debian.org> SEE ALSO
partimaged(8), partimagedusers(5), partimage(1) Michael Biebl <;biebl@teco.edu> 0.1 partimaged-passwd(8)