Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh: require passphrase from some servers but not others
Top Forums UNIX for Advanced & Expert Users ssh: require passphrase from some servers but not others Post 302333558 by jim mcnamara on Monday 13th of July 2009 11:20:34 AM
Old 07-13-2009
Do you mean ssh access sometimes w/key and sometimes wo/key from the same account and node?

No. You cannot decide to turn/off/on passwordless key for some jobs and not others for one single account. Access is on a per user account basis, not per job.

You should consider creating protected key-only account(s), and grant only certain users sudo to that account(s). Which is akin to your idea of 'session-level'

You could also create one or more remote ssh-only account, example dummy, then give the keys to certain users and not others. Those with the key can go in with
Code:
ssh dummy@somenode

You can create different remote user accounts which are job specific, granting code access by chrooting each account and having links in /usr/bin (or wherever) that give access only to the code/scripts needed to run just that job.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

ssh - at login Passphrase for key required

Hello, I want to use a shell-script to transfer data over sftp. I donīt find a way to login in automatically. I tried to send the password in a script like possible with ftp sftp user@server << cmd password cd /distant/directory lcd /local/directoryget ssh_install get ( or put) your... (2 Replies)
Discussion started by: olso
2 Replies

2. UNIX for Advanced & Expert Users

passphrase and ssh authentication

In which case could be better don't use a passphrase creating an authentication key for ssh comunications? Thanks in advance. (1 Reply)
Discussion started by: Minguccio75
1 Replies

3. Solaris

SSH passphrase and Password

Hello all, Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password. I need like... (3 Replies)
Discussion started by: jOOc
3 Replies

4. Shell Programming and Scripting

automated ssh with provision for passphrase

Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password. The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
Discussion started by: farahzaiba
3 Replies

5. OS X (Apple)

ssh passphrase issues - Mac OS X

ssh passphrase permissions issues I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
Discussion started by: Ahab the Eskimo
1 Replies

6. Shell Programming and Scripting

Require single command to start script in multiple servers

I have 9 servers, on each server a script with common name is available. I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script.. I want to know is there any command or script which I will run/execute on... (16 Replies)
Discussion started by: mirwasim
16 Replies

7. Solaris

How to disable/bypass passphrase prompt in ssh?

Hi Folks, I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ? I... (4 Replies)
Discussion started by: chidori
4 Replies

8. Shell Programming and Scripting

Supply passphrase for ssh in script

I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh). This particular script will be fired from cron. Can you please advice how I can supply the... (2 Replies)
Discussion started by: atanubanerji
2 Replies

9. UNIX for Beginners Questions & Answers

ssh multiple servers

Hi folks. I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it. Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Discussion started by: MuntyScrunt
2 Replies

10. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

LEARN ABOUT DEBIAN

gnome-ssh-askpass

GNOME-SSH-ASKPASS(1)					      General Commands Manual					      GNOME-SSH-ASKPASS(1)

NAME

       gnome-ssh-askpass - prompts a user for a passphrase using GNOME

SYNOPSIS

       gnome-ssh-askpass

DESCRIPTION

       gnome-ssh-askpass  is  a GNOME-based passphrase dialog for use with OpenSSH.  It is intended to be called by the ssh-add(1) program and not
       invoked directly.  It allows ssh-add(1) to obtain a passphrase from a user, even if not connected to a terminal (assuming that an X display
       is  available).	This happens automatically in the case where ssh-add is invoked from one's ~/.xsession or as one of the GNOME startup pro-
       grams, for example.

       In order to be called automatically by ssh-add, gnome-ssh-askpass should be installed as /usr/bin/ssh-askpass.

ENVIRONMENT VARIABLES

       The following environment variables are recognized:

       GNOME_SSH_ASKPASS_GRAB_SERVER
	      Causes gnome-ssh-askpass to grab the X server before asking for a passphrase.

       GNOME_SSH_ASKPASS_GRAB_POINTER
	      Causes gnome-ssh-askpass to grab the mouse pointer using gdk_pointer_grab() before asking for a passphrase.

       Regardless of whether either of these environment variables is set, gnome-ssh-askpass will grab the keyboard using gdk_keyboard_grab().

AUTHOR

       This manual page was written by Colin Watson <cjwatson@debian.org> for the Debian system (but may be used by others).  It was based on that
       for x11-ssh-askpass by Philip Hands.

															      GNOME-SSH-ASKPASS(1)
All times are GMT -4. The time now is 06:24 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy