Do you mean ssh access sometimes w/key and sometimes wo/key from the same account and node?
No. You cannot decide to turn/off/on passwordless key for some jobs and not others for one single account. Access is on a per user account basis, not per job.
You should consider creating protected key-only account(s), and grant only certain users sudo to that account(s). Which is akin to your idea of 'session-level'
You could also create one or more remote ssh-only account, example dummy, then give the keys to certain users and not others. Those with the key can go in with
Code:
ssh dummy@somenode
You can create different remote user accounts which are job specific, granting code access by chrooting each account and having links in /usr/bin (or wherever) that give access only to the code/scripts needed to run just that job.
Hello,
I want to use a shell-script to transfer data over sftp.
I donīt find a way to login in automatically.
I tried to send the password in a script like possible with
ftp
sftp user@server << cmd
password
cd /distant/directory
lcd /local/directoryget ssh_install
get ( or put) your... (2 Replies)
Hello all,
Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password.
I need like... (3 Replies)
Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password.
The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
ssh passphrase permissions issues
I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
I have 9 servers, on each server a script with common name is available.
I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script..
I want to know is there any command or script which I will run/execute on... (16 Replies)
Hi Folks,
I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ?
I... (4 Replies)
I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh).
This particular script will be fired from cron.
Can you please advice how I can supply the... (2 Replies)
Hi folks.
I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it.
Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Hi,
I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step:
#!/bin/bash
# LAN SSH KEYS DISCOVERY SCRIPT
</etc/passwd \
grep /bin/bash |
cut -d: -f6 |
sudo xargs -i -- sh -c '
&& cat... (11 Replies)
Discussion started by: syrius
11 Replies
LEARN ABOUT DEBIAN
eurephiadm-users
eurephiadm users(7) eurephiadm users(7)NAME
eurephiadm-users - User management module
SYNOPSIS
eurephiadm users --list|-l [-S|--sort <sort keys>]
eurephiadm users --show|-s [-i|--uid <user id>] [-u|--username <user name>] [-l|-|-lastlog] [-L|--lastlog-details] [-a|--attempts]
[-b|--blacklist]
eurephiadm users --activate|-a [-i|--uid <user id>] [-u|--username <user name>]
eurephiadm users --deactivate|-d [-i|--uid <user id>] [-u|--username <user name>]
eurephiadm users --add|-A [-u|--username <user name>] [-P|--password <plain text password>] [-C|--certid <certificate ID>] [-D|--digest
<certificate SHA1 digest>] [-c|--certfile <certificate file>] [-2|--pkcs12]
eurephiadm users --delete|-D [-i|--uid <user id>] [-u|--username <user name>]
eurephiadm users --password|-p [-i|--uid <user id>] [-u|--username <user name>]
eurephiadm users [-h|--help [<mode>]]
DESCRIPTION
eurephiadm users manages eurephia user accounts. It provides an interface for listing, creating new, modify and delete user accounts.
MODES
Available modes:
-l | --list
[-S|--sort <sort keys>]
List all user accounts. Providing -S|--sort and a sort key will define the sort order of the list. Valid sort keys are:
uid - user ID
username - User name belonging to the user account
activated - When the user account was activated
deactivated - When the user account was deactivated
lastaccess - When the user account was last used
-s | --show
[-i|--uid <user id>] [-u|--username <user name>] [-l|--lastlog] [-L|--lastlog-details] [-a|--attempts] [-b|--blacklist]
Show user account details. --uid or --username are required. The other arguments only defined which kind of information to show.
-a | --activate
[-i|--uid <user id>] [-u|--username <user name>]
Activate a user account. --uid or --username is required.
-d | --deactivate
[-i|--uid <user id>] [-u|--username <user name>]
Deactivate a user account. --uid or --username is required.
-A | --add
[-u|--username <user name>] [-P|--password <plain text password>] [-C|--certid <certificate ID>] [-D|--digest <certificate SHA1
digest>] [-c|--certfile <certificate file>] [-2|--pkcs12]
Add a new user account. --username is required. If you want to assign a password for the new user account via the command line,
provide the password with --password.
To associate this user account against an already regstistered certificate, it can be done by either refering to the certificate ID
in eurephia using --certid or providing the certificate SHA1 digest/fingerprint to --digest.
A brand new certificate can be registered and linked to the user account directly if you have access to the certificate file. The
file can be in either PEM/DER format or PKCS#12. Use --certfile to indicate the certificate file to extract the information from
and --pkcs12 if it is a PKCS#12 file.
-D | --delete
[-i|--uid <user id>] [-u|--username <user name>]
Delete a user account. --uid or --username is required.
-p | --password
[-i|--uid <user id>] [-u|--username <user name>]
Change password on a user account. --uid or --username is required.
-h | --help
[<mode>]
Show a help screen. Without any arguments, all modes are listed. Providing a mode will show more information about the chosen
mode.
SEE ALSO eurephiadm(7), eurephiadm-certs(7)AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth July 2010 eurephiadm users(7)