05-17-2009
1. You should not publish keys - your system is now wide open
2. In unix the keys go in the home directory of the user under the .ssh directory -- permissions on .ssh == 700.
3. The user's home directory should not be world writable.
Last edited by jim mcnamara; 05-17-2009 at 08:09 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi all,
I have got a Solaris machine and I have several user account setup up with the .ssh and authorized_keys file in their home directories.
I have check all the permission and ownership and they are all indentical and belongs to the user ID and group respectively. However one of the... (3 Replies)
Discussion started by: stancwong
3 Replies
2. Shell Programming and Scripting
Hello Guys,
I need your help. I am trying to create a script to change password for multipls servers but having problem when it comes to ssh key authentication. Does anyone have a sample script that will disable ssh key authentication for multiple servers?;) (3 Replies)
Discussion started by: youdexter
3 Replies
3. Shell Programming and Scripting
Hi Team,
we have problem with sftp. Though SA team has setup the keys between 2 server, sftp still prompts for the password. After many attempt to rectify the problem, SA has asked us force the SSH key based authentication by using following command.
sftp2 --indetity="folder/private_key"... (6 Replies)
Discussion started by: ace_friends22
6 Replies
4. Red Hat
Hi All;
I have an issue with password less authentication via ssh ( v2)
I have two servers Server A and Server B, following are the server details
Server A
OS - HP UX B.11.11 U 9000/800
SSH - OpenSSH_4.3p2-hpn, OpenSSL 0.9.7i 14 Oct 2005
HP-UX Secure Shell-A.04.30.000, HP-UX... (3 Replies)
Discussion started by: maverick_here
3 Replies
5. Solaris
Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks.
... (1 Reply)
Discussion started by: aixlover
1 Replies
6. HP-UX
We are trying to do a key exchange from Sun solaris server to HP UNIX server. Errro we are getting is as below:-
sshd2: connection from "10.13.240.6"
sshd2: auths-pam: PAM subprocess returned packet SSH_PAM_OP_ERROR. (err_num: 32, err_msg: General Commercial Security error)
sshd2: User... (4 Replies)
Discussion started by: sandipmandal
4 Replies
7. UNIX for Advanced & Expert Users
I setup passwordless authentication on a Ubuntu vm by ssh'ing into the localhost. I'm trying to do the same thing on another machine but it's not working. I believe I have the permissions setup properly and keygen'd. Is there a way to disable passwordless authentication? I have permission to... (4 Replies)
Discussion started by: MaindotC
4 Replies
8. Red Hat
Hello,
Need a suggestion to setup private key passwordless authentication. I am not sure this can done or not :wall:
here is the sincerio
I have two servers, sever1 with a user "user1" and servera with usera
here dataflow: usera from servera, will pull/push files to server1 on user1... (2 Replies)
Discussion started by: bobby320
2 Replies
9. UNIX for Advanced & Expert Users
Hi All,
this is the very first time i am going to use SSH authentication. first i login to server@ and under this ..ssh directory of servera i used this following command:
ssh-keygen -t rsa -b 1024
and i had 2 files(bravo_dbtest and bravo_dbtest.pub) created respectively, further i copied the... (13 Replies)
Discussion started by: lovelysethii
13 Replies
10. UNIX for Advanced & Expert Users
hi All,
this issue is regarding ssh key authentication, although i have performed this activity on two separate servers, now i have to configure the same again on 2 more servers. i did everything what i did earlier but this time i am getting some error, and i am unable to understand what exactly... (2 Replies)
Discussion started by: lovelysethii
2 Replies
LEARN ABOUT LINUX
nisauthconf
nisauthconf(1M) System Administration Commands nisauthconf(1M)
NAME
nisauthconf - configure NIS+ security
SYNOPSIS
nisauthconf [-v] [mechanism,...]
DESCRIPTION
nisauthconf controls which authentication flavors NIS+ should use when communicating with other NIS+ clients and servers. If the command
is not executed, then NIS+ will default to the AUTH_DES authentication flavor when running security level 2. See rpc.nisd(1M).
nisauthconf takes a list of authentication mechanism's in order of preference. An authentication mechanism may use one or more authentica-
tion flavors listed below. If des is the only specified mechanism, then NIS+ only use AUTH_DES with other NIS+ clients and servers. If
des is the first mechanism, then other authentication mechanism's after des will be ignored by NIS+, except for nisaddcred(1M). After
changing the mechanism configuration, the keyserv(1M) daemon must be restarted. Note that doing so will remove encryption keys stored by
the running keyserv process. This means that a reboot usually is the safest option when the mechanism configuration has been changed.
The following mechanisms are available:
+-----------------------------+-----------------------------+
| Authentication mechanism | Authentication Flavor |
+-----------------------------+-----------------------------+
|des |AUTH_DES |
+-----------------------------+-----------------------------+
|dh640-0 |RPCSEC_GSS using 640-bit |
| |Diffie-Hellman keys |
+-----------------------------+-----------------------------+
|dh1024-0 |RPCSEC_GSS using 1024-bit |
| |Diffie-Hellman keys |
+-----------------------------+-----------------------------+
If no mechanisms are specified, then a list of currently configured mechanisms is printed.
OPTIONS
-v Displays a verbose table listing the currently configured authentication mechanisms.
EXAMPLES
Example 1: Configuring a System with only RPCSEC_GSS Authentication Flavor
To configure a system to use only the RPCSEC_GSS authentication flavor with 640-bit Diffie-Hellman keys, execute the following as root:
example# /usr/lib/nis/nisauthconf dh640-0
Example 2: Configuring a System with both RPCSEC_GSS and AUTH_DES Authentication Flavors
To configure a system to use both RPCSEC_GSS (with 640-bit Diffie-Hellman keys) and AUTH_DES authentication flavors:
example# /usr/lib/nis/nisauthconf dh640-0 des
Example 3: Transitioning to Other Authentication Flavors
The following example can be used while adding credentials for a new mechanism before NIS+ is authenticating with the new mechanism:
example# /usr/lib/nis/nisauthconf des dh640-0
Note that except for nisaddcred(1M), NIS+ will not use mechanisms that follow 'des.'
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
/etc/rpcsec/nisplussec.conf
NIS+ authentication configuration file. This file may change or be removed in future versions of Solaris.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWnisu |
+-----------------------------+-----------------------------+
SEE ALSO
nis+(1), keyserv(1M), nisaddcred(1M), rpc.nisd(1M), attributes(5)
NOTES
A NIS+ client of a server that is configured for either dh640-0 or dh1024-0 must run Solaris 7 or later, even if the server is also config-
ured with des.
NIS+ might not be supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are
available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 12 Dec 2001 nisauthconf(1M)