Do you mean ssh access sometimes w/key and sometimes wo/key from the same account and node?
No. You cannot decide to turn/off/on passwordless key for some jobs and not others for one single account. Access is on a per user account basis, not per job.
You should consider creating protected key-only account(s), and grant only certain users sudo to that account(s). Which is akin to your idea of 'session-level'
You could also create one or more remote ssh-only account, example dummy, then give the keys to certain users and not others. Those with the key can go in with
Code:
ssh dummy@somenode
You can create different remote user accounts which are job specific, granting code access by chrooting each account and having links in /usr/bin (or wherever) that give access only to the code/scripts needed to run just that job.
Hello,
I want to use a shell-script to transfer data over sftp.
I donīt find a way to login in automatically.
I tried to send the password in a script like possible with
ftp
sftp user@server << cmd
password
cd /distant/directory
lcd /local/directoryget ssh_install
get ( or put) your... (2 Replies)
Hello all,
Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password.
I need like... (3 Replies)
Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password.
The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
ssh passphrase permissions issues
I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
I have 9 servers, on each server a script with common name is available.
I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script..
I want to know is there any command or script which I will run/execute on... (16 Replies)
Hi Folks,
I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ?
I... (4 Replies)
I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh).
This particular script will be fired from cron.
Can you please advice how I can supply the... (2 Replies)
Hi folks.
I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it.
Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Hi,
I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step:
#!/bin/bash
# LAN SSH KEYS DISCOVERY SCRIPT
</etc/passwd \
grep /bin/bash |
cut -d: -f6 |
sudo xargs -i -- sh -c '
&& cat... (11 Replies)
Discussion started by: syrius
11 Replies
LEARN ABOUT REDHAT
ssh-keysign
SSH-KEYSIGN(8) BSD System Manager's Manual SSH-KEYSIGN(8)NAME
ssh-keysign -- ssh helper program for hostbased authentication
SYNOPSIS
ssh-keysign
DESCRIPTION
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during hostbased authentication with
SSH protocol version 2.
ssh-keysign is disabled by default and can only be enabled in the the global client configuration file /etc/ssh/ssh_config by setting
HostbasedAuthentication to ``yes''.
ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about hostbased authen-
tication.
FILES
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, read-
able only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if hostbased
authentication is used.
SEE ALSO ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)AUTHORS
Markus Friedl <markus@openbsd.org>
HISTORY
ssh-keysign first appeared in OpenBSD 3.2.
BSD May 24, 2002 BSD