Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh: require passphrase from some servers but not others
Top Forums UNIX for Advanced & Expert Users ssh: require passphrase from some servers but not others Post 302333558 by jim mcnamara on Monday 13th of July 2009 11:20:34 AM
Old 07-13-2009
Do you mean ssh access sometimes w/key and sometimes wo/key from the same account and node?

No. You cannot decide to turn/off/on passwordless key for some jobs and not others for one single account. Access is on a per user account basis, not per job.

You should consider creating protected key-only account(s), and grant only certain users sudo to that account(s). Which is akin to your idea of 'session-level'

You could also create one or more remote ssh-only account, example dummy, then give the keys to certain users and not others. Those with the key can go in with
Code:
ssh dummy@somenode

You can create different remote user accounts which are job specific, granting code access by chrooting each account and having links in /usr/bin (or wherever) that give access only to the code/scripts needed to run just that job.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

ssh - at login Passphrase for key required

Hello, I want to use a shell-script to transfer data over sftp. I donīt find a way to login in automatically. I tried to send the password in a script like possible with ftp sftp user@server << cmd password cd /distant/directory lcd /local/directoryget ssh_install get ( or put) your... (2 Replies)
Discussion started by: olso
2 Replies

2. UNIX for Advanced & Expert Users

passphrase and ssh authentication

In which case could be better don't use a passphrase creating an authentication key for ssh comunications? Thanks in advance. (1 Reply)
Discussion started by: Minguccio75
1 Replies

3. Solaris

SSH passphrase and Password

Hello all, Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password. I need like... (3 Replies)
Discussion started by: jOOc
3 Replies

4. Shell Programming and Scripting

automated ssh with provision for passphrase

Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password. The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
Discussion started by: farahzaiba
3 Replies

5. OS X (Apple)

ssh passphrase issues - Mac OS X

ssh passphrase permissions issues I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
Discussion started by: Ahab the Eskimo
1 Replies

6. Shell Programming and Scripting

Require single command to start script in multiple servers

I have 9 servers, on each server a script with common name is available. I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script.. I want to know is there any command or script which I will run/execute on... (16 Replies)
Discussion started by: mirwasim
16 Replies

7. Solaris

How to disable/bypass passphrase prompt in ssh?

Hi Folks, I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ? I... (4 Replies)
Discussion started by: chidori
4 Replies

8. Shell Programming and Scripting

Supply passphrase for ssh in script

I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh). This particular script will be fired from cron. Can you please advice how I can supply the... (2 Replies)
Discussion started by: atanubanerji
2 Replies

9. UNIX for Beginners Questions & Answers

ssh multiple servers

Hi folks. I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it. Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Discussion started by: MuntyScrunt
2 Replies

10. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

LEARN ABOUT DEBIAN

eurephiadm-adminaccess

eurephiadm adminaccess(7)												 eurephiadm adminaccess(7)

NAME

       eurephiadm-adminaccess - Access control for eurephia administration features

DESCRIPTION

       The eurephiadm adminaccess is used to grant eurephia users access to the different administration modules in eurephia.

       Available modes for the adminaccess command are:

       -G | --grant
	      Grant a specific access level to a user

       -R | --revoke
	      Revoke access levels

       -l | --list
	      List all granted accesses

       -h | --help <mode> Help about a specific mode

LIST MODE

       The list mode will show the granted user access levels

       -i | --uid
	      User account ID

       -u | --username
	      User name

       -I | --interface
	      Which interfaces to show (default "C")

       -a | --access-level Which access level to show

GRANT MODE

       The grant mode will grant a user access to a specified access level.

       -i | --uid
	      User account ID

       -I | --interface
	      Grant access through which interface (default "C")

       -a | --access-level Which access level to grant access to

REVOKE MODE

       The revoke mode will remove an access from the desired user accounts.

       -i | --uid
	      User account ID

       -I | --interface
	      Revoke access from interface (default "C")

       -a | --access-level Which access level to revoke access from

ACCESS LEVELS

       attempts
	      This  access  level  grants access to the eurephiadm attempts command. The attempts command can list, reset or delete login attempts
	      records in the database.

       blacklist
	      This is similar to the attempts access. It provides access to the eurphiadm blacklist command, where you can  list,  add	or  delete
	      blacklisted usernames, certificate digests or IP addresses.

       certadmin
	      This  level  is  needed  to  use	the eurephiadm certs command. This commands provides you access to list, add or delete certificate
	      information which the eurephia plug-in will use during the authentication process.

       config This level grants access to the eurephiadm config and eurephiadm show-config commands. The latter command will  list  out  both  the
	      eurephiadm  config  file and all configuration parameters in the database. The config command is used to set or delete configuration
	      parameters in the database.

       fwprofiles
	      This access level is needed to list, add or delete firewall profiles eurephia which may use.

       useradmin
	      This provides access to the eurephiadm users and eurephiadm usercerts commands, which is used to create or delete user accounts  and
	      link the user accounts together with a certificate and a firewall access profile.

SEE ALSO

       eurephiadm(7)

AUTHOR

       Copyright (C) 2008-2010	David Sommerseth <dazo@users.sourceforge.net>

David Sommerseth						     July 2010						 eurephiadm adminaccess(7)
All times are GMT -4. The time now is 01:30 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy