Do you mean ssh access sometimes w/key and sometimes wo/key from the same account and node?
No. You cannot decide to turn/off/on passwordless key for some jobs and not others for one single account. Access is on a per user account basis, not per job.
You should consider creating protected key-only account(s), and grant only certain users sudo to that account(s). Which is akin to your idea of 'session-level'
You could also create one or more remote ssh-only account, example dummy, then give the keys to certain users and not others. Those with the key can go in with
You can create different remote user accounts which are job specific, granting code access by chrooting each account and having links in /usr/bin (or wherever) that give access only to the code/scripts needed to run just that job.
Hello,
I want to use a shell-script to transfer data over sftp.
I donīt find a way to login in automatically.
I tried to send the password in a script like possible with
ftp
sftp user@server << cmd
password
cd /distant/directory
lcd /local/directoryget ssh_install
get ( or put) your... (2 Replies)
Hello all,
Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password.
I need like... (3 Replies)
Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password.
The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
ssh passphrase permissions issues
I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
I have 9 servers, on each server a script with common name is available.
I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script..
I want to know is there any command or script which I will run/execute on... (16 Replies)
Hi Folks,
I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ?
I... (4 Replies)
I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh).
This particular script will be fired from cron.
Can you please advice how I can supply the... (2 Replies)
Hi folks.
I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it.
Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Hi,
I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step:
#!/bin/bash
# LAN SSH KEYS DISCOVERY SCRIPT
</etc/passwd \
grep /bin/bash |
cut -d: -f6 |
sudo xargs -i -- sh -c '
&& cat... (11 Replies)
Discussion started by: syrius
11 Replies
LEARN ABOUT DEBIAN
eurephiadm-adminaccess
eurephiadm adminaccess(7) eurephiadm adminaccess(7)NAME
eurephiadm-adminaccess - Access control for eurephia administration features
DESCRIPTION
The eurephiadm adminaccess is used to grant eurephia users access to the different administration modules in eurephia.
Available modes for the adminaccess command are:
-G | --grant
Grant a specific access level to a user
-R | --revoke
Revoke access levels
-l | --list
List all granted accesses
-h | --help <mode> Help about a specific mode
LIST MODE
The list mode will show the granted user access levels
-i | --uid
User account ID
-u | --username
User name
-I | --interface
Which interfaces to show (default "C")
-a | --access-level Which access level to show
GRANT MODE
The grant mode will grant a user access to a specified access level.
-i | --uid
User account ID
-I | --interface
Grant access through which interface (default "C")
-a | --access-level Which access level to grant access to
REVOKE MODE
The revoke mode will remove an access from the desired user accounts.
-i | --uid
User account ID
-I | --interface
Revoke access from interface (default "C")
-a | --access-level Which access level to revoke access from
ACCESS LEVELS
attempts
This access level grants access to the eurephiadm attempts command. The attempts command can list, reset or delete login attempts
records in the database.
blacklist
This is similar to the attempts access. It provides access to the eurphiadm blacklist command, where you can list, add or delete
blacklisted usernames, certificate digests or IP addresses.
certadmin
This level is needed to use the eurephiadm certs command. This commands provides you access to list, add or delete certificate
information which the eurephia plug-in will use during the authentication process.
config This level grants access to the eurephiadm config and eurephiadm show-config commands. The latter command will list out both the
eurephiadm config file and all configuration parameters in the database. The config command is used to set or delete configuration
parameters in the database.
fwprofiles
This access level is needed to list, add or delete firewall profiles eurephia which may use.
useradmin
This provides access to the eurephiadm users and eurephiadm usercerts commands, which is used to create or delete user accounts and
link the user accounts together with a certificate and a firewall access profile.
SEE ALSO eurephiadm(7)AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth July 2010 eurephiadm adminaccess(7)