03-31-2009
Only by running separate sshds on all network interfaces.
The better way to do this is AllowRootLogin without-password or AllowRootLogin forced-commands-only, then generate a public/private keypair for the vendor and restrict what they can do with the "command" option in ~root/.ssh/authorized_keys.
10 More Discussions You Might Find Interesting
1. Solaris
Hi, I want to ssh the linux server without inputting the password, how can I config this server?
Thanks in advance! (1 Reply)
Discussion started by: GCTEII
1 Replies
2. Red Hat
Ok Time warner cable / voip modem feeding Cisco PIX 501 Wan port from PIX 501 LAN port to WAN port on Linksys wrt54GL wireless router.
so
-->Modem-->PIX 501-->WRT54GL-->Linux Server, wireless desktop, wireless laptop (2), Wireless MAC Pro, Wireless Apple TV, Wireless printer.
my... (0 Replies)
Discussion started by: tedeansiii
0 Replies
3. IP Networking
hello i have a ubuntu ssh server that i can acess from any of my comnputers but only if they are on the same wireless network as the server. i tested trhis my tehtehring my samsung blackjack to my windows partition and installing openssh to windows it works when windows is on the wireless but no... (1 Reply)
Discussion started by: old noob
1 Replies
4. Solaris
Hi ,
when i try to passwordless connection login in ssh through putty, i am getting the "Server unexpectedly closed network connection" error.i have already finished the public and private key settings for the particular user.
thanks
MaroV (1 Reply)
Discussion started by: vr_mari
1 Replies
5. SCO
hi
How to enable ssh server on SCO unix 5.0.6 and allow remote root login? (2 Replies)
Discussion started by: ccc
2 Replies
6. Solaris
I have two servers, the first server is a sun x4170 and i need transfer zpool root (with all system) that this moment is mirror to new server x4200 , i don't now how can i clone , copy o migrate rpool (root) in new server by network. The two servers are different sites.
Do i need jumpstart or... (0 Replies)
Discussion started by: bombe
0 Replies
7. UNIX for Advanced & Expert Users
Solaris 10 Server refuse to connect :wall:
fork: Resource temporarily unavailable , server unexpectedly unavailable network connection , refuse error, disconnect message, fatal error type2, (protocol error type2)
Issue has been resolved after taken few steps :b:
First of all need to check... (1 Reply)
Discussion started by: taherahmed
1 Replies
8. Ubuntu
Hi
I hope someone can spot what is wrong with this ssh connection as it has me baffled.
I am trying to set up a remote ssh connection (passwordless) to a remote 'server', (Ubuntu laptop at home).
I have tried these steps with rsa and dsa key types, (currently dsa) -
1) ssh-keygen... (4 Replies)
Discussion started by: steadyonabix
4 Replies
9. Emergency UNIX and Linux Support
Hello,
I ahve written a shell script which is doing ssh from UNIX Sun Os to multiple Linux servers one by one using loop. but after first iteration the script is getting exit. Rather it should connect to other linux server as well one by one. Please refer belwo code.
#!/bin/ksh
#set -x... (2 Replies)
Discussion started by: skhichi
2 Replies
10. Solaris
Can ssh to server. Asks for password.
Then seems to time out and close the connection. Any ideas?
---------- Post updated at 09:30 AM ---------- Previous update was at 07:51 AM ----------
Here is output from ssh -vvv -l user <IPaddress>
debug3: packet_send2: adding 64 (len 59 padlen 5... (4 Replies)
Discussion started by: psychocandy
4 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)