Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: "scp" access denied:/etc/security/access.conf
Operating Systems Linux SuSE "scp" access denied:/etc/security/access.conf Post 302310180 by sysgate on Friday 24th of April 2009 01:37:46 AM
Old 04-24-2009
Hello, I hope it's not too late. First, to answer your question - I don't think that with the current configuration you can overcome this security limitation. Probably those rules are enforced by your system administrator, so the best way is to communicate with the responsible person how to achieve your scp task. Probably, you can have a special designated user only for that task that will be allowed only scp from this host to a specific host, if your task's requirements are so simple. Else, perhaps you can go with more advanced rule, such as : -: ALL EXCEPT root user:10.191.4.244 - where IP address is fictional. This line means that ssh will only accept login access from root/user from IP address 10.191.4.244. If that is acceptable, you will need a modifications to PAM file as well.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Perl CGI to access / edit "root" owned config files

I am trying to write a CGI program which accesses UNIX configuration files and changes them as required. The thing is, I don't want the CGI program to be "root" owned - it's Perl based! Is there any way that the Perl CGI program can request a username and password - and then use this to... (1 Reply)
Discussion started by: WIntellect
1 Replies

2. Cybersecurity

how to access computer behind cable modem, from outside,across "the Internet"

hi im running a web server running, connected to my cable modem, which, as usual, has 2 different network address. one from "outside"(ie from isp), and the other for the internal network. im giving a static ip to the server.how do i access this server from outside the network across "the... (2 Replies)
Discussion started by: R00tSc0rpi0n
2 Replies

3. Shell Programming and Scripting

bash: cd command to access "strange" directories

I have a problem using bash. Simply, I cannot find the right command (if there's one!) to enter in the "- Arch_02 -" directory. As you can see, the name begins with a hyphen and this is causing some trouble: localhost arch2 # pwd /mnt/arch2 localhost arch2 # ls -l total 4 dr-x------ 1 root... (3 Replies)
Discussion started by: robotronic
3 Replies

4. Solaris

VNC "Access denied"

Hi guys, I am having a problem with my VNC, Actually i am using my VNC session for last two month. but now it's show me the "Access denied" when i am trying to access it. I checked the logs, then i found it has blacklisted by server. error is something like "Connections: rejecting blacklisted... (0 Replies)
Discussion started by: daya.pandit
0 Replies

5. Linux

VNC "Access Denied"

Hi guys, I am having a problem with my VNC, Actually i am using my VNC session for last two month. but now it's show me the "Access denied" when i am trying to access it. I checked the logs, then i found it has blacklisted by server. error is something like "Connections: rejecting blacklisted... (1 Reply)
Discussion started by: daya.pandit
1 Replies

6. UNIX for Dummies Questions & Answers

User gets "The operation could not be completed because you do not have enough access privileges."

Does anyone know why this could be happening? User tries to save into a directory, but gets the error message. I checked permissions on directory and see the following: drwxrwxr-x 10 root pm 1024 Nov 22 14:46 Folder 1 drwxrwxr-x 10 root pm 1024 Oct 19 ... (1 Reply)
Discussion started by: scrivic
1 Replies

7. UNIX for Dummies Questions & Answers

Apache Hanging. "pkcs11_softtoken: Keystore access failed"

This morning my apache server was stalled (or hanging, frozen, whatever the proper term is) and no web pages would load. I wouldn't get any error page, just an infinitely loading browser. After restarting apache, everything was fine. The apache error logs had nothing in them besides logging the... (1 Reply)
Discussion started by: gadonj18
1 Replies

8. Virtualization and Cloud Computing

Need to use UNIX to access a file from "the cloud"

Normally files are given to us via FTP and we use a program (DMX) to pull that file into our database. I have been told that we will be receiving a new file via "the cloud" and I need to prepare a method to access and otherwise process this file using UNIX/LINUX. I realize my request raises more... (1 Reply)
Discussion started by: craigwg
1 Replies

9. Linux

Read only access for Group called "Developers" to all folders on the Centos 6.6

Linux Gurus, I need to provide Read only access for particular group of users, they should have Read only access to entire server except their Home directory. I tried using setfacl that's not helping. Can you please suggest is there any other alternate way to address this request. Your help is... (5 Replies)
Discussion started by: shekar777
5 Replies

10. Solaris

Changing "rx_queue_number" in "ixgbe.conf". Reboot or Network Restart?

Hi all, First post here. Working on Solaris 10, on a Sun t4-4, need to change RX queue depth(ethernet, not HBA) and was wondering if i could get by with just restarting the network or if i should just bounce the whole shebang. Apologies if i missed a similar thread. if there is one, please... (2 Replies)
Discussion started by: caspnx
2 Replies

LEARN ABOUT HPUX

hosts.equiv

hosts.equiv(4)						     Kernel Interfaces Manual						    hosts.equiv(4)

NAME

       hosts.equiv, .rhosts - security files authorizing access by remote hosts and users on local host

DESCRIPTION

       The  file  and files named found in users' home directories specify remote hosts and users that are "equivalent" to the local host or user.
       Users from equivalent remote hosts are permitted to access a local account using or or to to the local account without supplying a password
       (see rcp(1), remsh(1), and rlogin(1)).  The security provided by is implemented by the library routine, (see rcmd(3N)).

       In this description, hostequiv means either the system file or the user file.  Note that must be owned either by the root or by the user in
       whose home directory it is found and it must not be a symbolic link.  The file defines  system-wide  equivalency,  whereas  a  user's  file
       defines equivalency between the local user and any remote users to whom the local user chooses to allow or deny access.

       An entry in the hostequiv file is a single line (no continuations) in the format:

       Thus, it can be:

	      o  A blank line.

	      o  A comment line, beginning with a

	      o  A host name, optionally followed by a comment.

	      o  A host name and user name, optionally followed by a comment.

	      A host or user name is a string of printable characters, excluding whitespace, newlines, and

	      Names are separated by whitespace.

       For  a  user  to be granted access, both the remote host name and the user name must "match" an entry in hostequiv.  When a request is made
       for access, the file is searched first.	If a match is found, access is permitted.  If no match is found, the  file  is	searched,  if  one
       exists in the local user's home directory.  If the local user is a superuser, is ignored.

       A host name or user name must match the corresponding field entry in hostequiv in one of the following ways:

	      Literal match	       A host name in hostequiv can literally match the official host name (not an alias) of the remote host.

				       A  user	name in hostequiv can literally match the remote user name.  For a user name to have literal match
				       in the file, the remote user name must literally match the local user name.

	      Domain-extended match    The remote host name to be compared with entries in hostequiv is typically the official host name  returned
				       by  (see gethostent(3N)).  In a domain-naming environment, this is a domain-qualified name.  If a host name
				       in hostequiv does not literally match the remote host name, the host  name  in  hostequiv  with	the  local
				       domain name appended may match the remote host name.

	      If the host name in      hostequiv  is  of  this	form, and if name literally matches the remote host name or if name with the local
				       domain name appended matches the remote host name, access is denied regardless of the user name.

				       If the user name in hostequiv is of this form, and name literally matches the remote user name,	access	is
				       denied.

				       Even if access is denied in this way by access can still be allowed by

	      Any remote host name matches the host name
				       in hostequiv.

				       Any remote user matches the user name

	      netgroup_name	       is  the	name of a network group as defined in netgroup(4).  If the host name in hostequiv is of this form,
				       the remote host name (only) must match the specified network group according to the rules defined  in  net-
				       group(4) in order for the host name to match.

				       Similarly, if the user name in hostequiv is of this form, the remote user name (only) must match the speci-
				       fied network group in order for the user name to match.

	      netgroup_name	       is the name of a network group as defined in netgroup(4).  If the host name in hostequiv is of  this  form,
				       and  if	the  remote host name (only) matches the specified network group according to the rules defined in
				       netgroup(4), access is denied.

				       Similarly, if the user name in hostequiv is of this form, and if the remote user name  (only)  matches  the
				       specified network group, access is denied.

				       Even if access is denied in this way by access can still be allowed by

EXAMPLES

       1.     on contains the line:

	      and on is empty.	User on can use to or to account on without being prompted for a password.  will, however, be prompted for a pass-
	      word with or denied access with from to

	      If in the home directory of user on contains:

	      or

	      then user can access from

       2.     is in the domain and are in the domain in the home directory of user on contains:

	      User can access from since matches with local domain appended.  But user from cannot access since does not match In order  for  user
	      to be able to access from file on must contain:

	      since is in a different domain.

       3.     in the home directory of user on contains:

	      on contains the line:

	      However,	there is no file in the home directory of user on The user on can to account on without being prompted for a password, but
	      on cannot to account on

       4.     in the home directory of user on contains:

	      User from any host is allowed to access account on User from any host except can access account on

       5.     on contains the lines:

	      Any user from except is allowed to access an account on with the same user name.	However, if in the home directory of user on  con-
	      tains:

	      then user from can access account on

       6.     on contains the line:

	      The network group consists of:

	      If is not running Network Information Service (NIS), user on any host can access account on

	      If is running Network Information Service (NIS), and is in the domain user on any host, whether in or not, can access account on

	      However, if in the home directory of user on contains the line:

	      and is either not running Network Information Service (NIS) or is in domain no user on any host can access the account on If is run-
	      ning Network Information Service (NIS) but is not in the domain this line has no effect.

       7.     on contains the line:

	      The network group consists of:

	      All users on are denied access to

	      However, if in the home directory of a user on contains any of the following lines:

	      then user on can access that account on

WARNINGS

       For security purposes, the files and should exist and be readable and writable only by the owner, even if they are empty.

       Care must be exercised when creating the

       The option to and prevents any authentication based on files for users other than a superuser.

AUTHOR

       was developed by the University of California, Berkeley.

       The and extensions were developed by Sun Microsystems, Inc.

FILES

SEE ALSO

       rcp(1), rdist(1), remsh(1), rlogin(1), remshd(1M), rlogind(1M), gethostent(3N), rcmd(3N), netgroup(4).

																    hosts.equiv(4)
All times are GMT -4. The time now is 02:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy