03-06-2009
SSH Password-less login fails on password expiry.
Hi Gurus
I have a few Sol 5.9 servers and I have enabled password-less authentication between them for my user ID. Often I have found that when my password has expired, the login fails.
Resetting my password re-enables the keys.
Do I need to do something to avoid this scenario, or is this the way it is designed?
Thanks
HG
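Added example, not part of the original post: the failure described above depends on the account's password age, so this sketch reads shadow(4)-format aging fields (name:hash:lastchg:min:max:warn:inactive:expire, in days since 1970-01-01) and reports which accounts are expired or inside the warning window before key-based logins start failing. The function names, sample accounts and day numbers are constructed for illustration.

```shell
#!/bin/sh
# Classify password aging for shadow(4)-format lines read on stdin.
# Usage: pw_age_status TODAY_IN_DAYS < shadow-format-file
pw_age_status() {
    awk -F: -v today="$1" '
    {
        user = $1; lastchg = $3; max = $5; warn = $6
        if (lastchg == "0") {             # 0 = must change at next login
            print user ":must-change"; next
        }
        if (lastchg == "" || max == "" || max < 0) {
            print user ":no-aging"; next  # no maximum age set for this account
        }
        left = (lastchg + max) - today    # days until the password expires
        if (left < 0)
            print user ":expired:" (-left)
        else if (warn != "" && left <= warn)
            print user ":warning:" left
        else
            print user ":ok:" left
    }'
}

# Constructed sample data (not from the thread); hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
hg:PLACEHOLDER:14200:0:90:7:::
batch:PLACEHOLDER:14300:0:90:7:::
svc:PLACEHOLDER:14000:::::
newuser:PLACEHOLDER:0:0:90:7:::
fresh:PLACEHOLDER:14380:0:90:7:::
EOF
}

# 14385 is a constructed "today" so the output is reproducible.
# On a live host pass the real day number, e.g. $(( $(date +%s) / 86400 ))
# where date supports +%s (assumption; not every Unix date does).
sample_shadow | pw_age_status 14385
```

On a real system the input would be the shadow file itself, which needs root to read; accounts reported as `warning` are the ones to reset before unattended key logins are affected.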
LEARN ABOUT ULTRIX
authenticate_user
authenticate_user(3x) authenticate_user(3x)
Name
authenticate_user - authenticate user
Syntax
#include <pwd.h>
#include <auth.h> /* For error codes */
int authenticate_user(user, password, line)
struct passwd *user;
char *password;
char *line;
Arguments
user
A pointer to the passwd entry.
password
A pointer to the password.
line
The name of the terminal line as it is listed in the file.
Description
The routine authenticates a user name or UID against a supplied password and returns a nonnegative integer on success. The value returned
is the number of failed login authentication attempts since the last successful login authentication (or zero if this feature is not
enabled). This routine is found in the library and loaded with the -lauth option.
At all security levels higher than BSD, the login fail count in the auth database is incremented if authentication fails, and cleared if it
succeeds. In addition, the account must be marked enabled for logins as defined by the Account Mask value for A_LOGIN. See for information
about the Account Mask values.
If a non-NULL value is supplied for the argument and the argument is not the empty string, the function also verifies that the specified
user is allowed access through that line. In particular, accounts with a UID equal to zero will return success only if the specified line
is marked secure in the file.
Restrictions
The process must have read access to the auth database to authenticate users in a secure environment.
The process must have read/write access to the auth database to update the authentication fail count.
If auth information is being served through BIND, the process is required to obtain a Kerberos ticket for that service before invoking this
function.
Example
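    extern int errno;
    struct passwd *pwd;
    int status;

    pwd = getpwnam("root");
    status = authenticate_user(pwd, "rootpass", "/dev/console");
    if (status < 0) {
        /* EPERM covers a bad or expired password, an insecure line,
           or a disabled account (see Diagnostics) */
        if (errno == EPERM)
            puts("Login failed");
        else
            perror("authenticate_user");
    } else if (status > 0) {
        /* success: status is the failed-attempt count since last login */
        printf("%d failed attempts\n", status);
    }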
Return Values
When successful, the routine returns the number of failed login authentication attempts since last successful login authentication.
When an error occurs, errno is set and a negative error code is returned. The error code returned may be the same as errno or it may be an
extended error code defined in
Diagnostics
On error return errno may be set to one of the following values:
[EPERM] Either the password is incorrect, the password is expired, the specified line needs to be secure and is not, or the
account is disabled and a login authentication is required.
[EINVAL] No authentication information for user.
[ENOSYS] Security subsystem not configured correctly.
[EACCES] Process does not have read access to the necessary information.
On error return the return value may be the same as errno or, if errno is [EPERM], it may be one of the following additional values defined
in
[A_EBADPASS] The supplied password was incorrect.
[A_ESOFTEXP] The account's password expired recently.
[A_EHARDEXP] The account's password expired quite some time ago.
[A_ENOLOGIN] The account is not enabled.
[A_EOPENLINE] The account requires a secure line and the specified line was not marked that way in the file.
Files
Environment
If the system is operating in the BSD security level, the password expiration, login fail count, and account disabling features are not
available (and therefore are not used in authentication computations).
See Also
getauthent(3x), getpwent(3), auth(5), passwd(5yp), ttys(5)