Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: ssh: require passphrase from some servers but not others
Top Forums UNIX for Advanced & Expert Users ssh: require passphrase from some servers but not others Post 302333570 by Squeakygoose on Monday 13th of July 2009 11:55:22 AM
Old 07-13-2009
Well, I mean ssh access sometimes w/key and sometimes wo/key TO the same account and node.

The username on all nodes is the same ("oracle"). What I want is passwordless login from other nodes within the cluster but password login from any other server outside the cluster.

e.g.:
Code:
oracle@clusternode1# ssh clusternode2
   <no password>
oracle@someotherserver# ssh clusternode2
   <prompt for password>

I want oracle@clusternode2 to allow all other oracle@clusternode's passwordless login. oracle user's on all other servers must specify a password once per session.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

ssh - at login Passphrase for key required

Hello, I want to use a shell-script to transfer data over sftp. I donīt find a way to login in automatically. I tried to send the password in a script like possible with ftp sftp user@server << cmd password cd /distant/directory lcd /local/directoryget ssh_install get ( or put) your... (2 Replies)
Discussion started by: olso
2 Replies

2. UNIX for Advanced & Expert Users

passphrase and ssh authentication

In which case could be better don't use a passphrase creating an authentication key for ssh comunications? Thanks in advance. (1 Reply)
Discussion started by: Minguccio75
1 Replies

3. Solaris

SSH passphrase and Password

Hello all, Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password. I need like... (3 Replies)
Discussion started by: jOOc
3 Replies

4. Shell Programming and Scripting

automated ssh with provision for passphrase

Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password. The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not... (3 Replies)
Discussion started by: farahzaiba
3 Replies

5. OS X (Apple)

ssh passphrase issues - Mac OS X

ssh passphrase permissions issues I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
Discussion started by: Ahab the Eskimo
1 Replies

6. Shell Programming and Scripting

Require single command to start script in multiple servers

I have 9 servers, on each server a script with common name is available. I send a token file to all server from 1 particular server. so when a daemon job checks that token file is available then it triggers the script.. I want to know is there any command or script which I will run/execute on... (16 Replies)
Discussion started by: mirwasim
16 Replies

7. Solaris

How to disable/bypass passphrase prompt in ssh?

Hi Folks, I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ? I... (4 Replies)
Discussion started by: chidori
4 Replies

8. Shell Programming and Scripting

Supply passphrase for ssh in script

I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh). This particular script will be fired from cron. Can you please advice how I can supply the... (2 Replies)
Discussion started by: atanubanerji
2 Replies

9. UNIX for Beginners Questions & Answers

ssh multiple servers

Hi folks. I'm pretty new to unix, while I'm learning a lot I'm finding bash scripting quite confusing. Im sure it's not really, my head just hasn't clicked with it. Anyway, I need a script to loop the ip addresses stored in a file and run a "pgrep <process>" and return the pid or some... (2 Replies)
Discussion started by: MuntyScrunt
2 Replies

10. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

LEARN ABOUT SUNOS

asadmin

asadmin(1M)						    Application Server Utility						       asadmin(1M)

NAME

       asadmin - utility for performing administrative tasks for the Sun Java System Application Server

SYNOPSIS

       asadmin subcommand [-short_option[short_option_argument]]* [--long_option[long_option_argument]]* [operand]*

       Use the asadmin utility to perform any administrative task for the Sun Java System Application Server. You can use this utility in place of
       using the Administration Console.

       The subcommand identifies the operation or task you wish to perform. Subcommands are case-sensitive. Short option arguments have  a  single
       dash  (-);  while long option arguments have two dashes (--). Options modify how the utility performs a subcommand.  Options are also case-
       sensitive. Most options require argument values except boolean options which toggle to switch a feature ON or OFF.  Operands  appear  after
       the  argument  values,  and  are set off by a space, a tab, or double dashes (--). The asadmin utility treats anything that comes after the
       options and their values as an operand.

       Local subcommands can be executed without the presence of an administration server. However, it is required that the user  be  logged  into
       the  machine  hosting  the domain in order to execute the subcommand and have access (permissions) for the installation and domain directo-
       ries.

       Remote subcommands are always executed by connecting to an administration server and executing the subcommand there. A running  administra-
       tion server is required. All remote subcommands require the following options:

       -u --user	       authorized domain application server administrative username.

       -w --password	       password to administer the domain application server.

       -H --host	       machine name where the domain application server is running.

       -p --port	       port number of the domain application server listening for administration requests.

       -s --secure	       if true, uses SSL/TLS to communicate with the domain application server.

       -t --terse	       indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-
			       formatted data for consumption by a script. Default is false.

       -e --echo	       setting to true will echo the command line statement on the standard output. Default is false.

       -I --interactive        if set to true (default), only the required password options are prompted.

       For security purposes, you can set the password for a subcommand from a file instead of entering the password  at  the  command	line.  The
       --passwordfile option takes the file containing the passwords. The valid contents for the file are:

       AS_ADMIN_PASSWORD=value
       AS_ADMIN_ADMINPASSWORD=value
       AS_ADMIN_USERPASSWORD=value

       Given  the --passwordfile option and its value, the password options in the passwordfile are exported to the global environment; subsequent
       subcommands without the password options take this value. However, if both the --password and --passwordfile options are specified  on  the
       command	line,  the password value in the passwordfile is exported to the global environment and subsequent subcommands without the --pass-
       word option would take this value. However, for the current subcommand, the --password option value specified on the command line is  taken
       since the --password option takes precedence over the --passwordfile option.

       To use the --secure option, you must use the set command to enable the security--enabled flag in the admin http-listener in the domain.xml.

       When you use the asadmin subcommands to create and/or delete, you must restart the server for the newly created command to take affect. Use
       the start-domain command to restart the server.

       Some characters, such as the colon (:), the asterisk (*), and the backslash(, cause errors if you use them in the command syntax unless you
       use  escape characters to set them off. The possibilities for using escape characters vary depending upon what platform you use and whether
       you use singlemode or multimode. You do not need to use escape characters for colons in the get or set commands.

       On UNIX, in singlemode, you can use either two backslashes () or double-quotes (" ") to escape restricted characters.  For  example,  when
       creating  a  JDBC  connection  pool  with an option whose value includes colons, you could use backslashes (example assumes the environment
       variables have been set for some properties):

       asadmin	create-jdbc-connection-pool   --datasourceclassname   oracle.jdbc.pool.OracleDataSource   --failconnection=true   --isconnectvali-
       datereq=true --property url=jdbc:oracle:thin:@asperfsol8:1521:V8i:user=staging_lookup_app:password=staging_lookup_app OraclePoollookup

       To  use	quotes	in the same example as above, you would enclose the value in double quotes (") and escape the double quotes with the back-
       slash.

       asadmin	create-jdbc-connection-pool   --datasourceclassname   oracle.jdbc.pool.OracleDataSource   --failconnection=true   --isconnectvali-
       datereq=true --property url= word=staging_lookup_app OraclePoollookup

       On  windows, in singlemode, you can escape using the backslash character.  For example, when creating a JDBC connection pool with an option
       whose value includes colons, you could use backslashes (example assumes the environment variables have been set for some properties):

       asadmin	create-jdbc-connection-pool   --datasourceclassname   oracle.jdbc.pool.OracleDataSource   --failconnection=true   --isconnectvali-
       datereq=true --property url=jdbcoraclethin@asperfsol81521V8i:user=staging_lookup_app:pas sword=staging_lookup_app OraclePoollookup

       On  any platform, in singlemode, you can use backslashes to escape the character and enclose the value containing the escaped characters in
       double quotes. For example, when creating a JDBC connection pool with a option whose value includes colons, you could use the escape  char-
       acters as follows (example assumes the environment variables have been set for some properties):

       asadmin	 create-jdbc-connection-pool   --datasourceclassname   oracle.jdbc.pool.OracleDataSource   --failconnection=true  --isconnectvali-
       datereq=true --property url="jdbcoraclethin@iasperfsol81521V8i":user=staging_lookup_app: password=staging_lookup_app OraclePoollookup

       On any platform, in multimode, you can use the following syntax, which only requires quotes, not slashes or backslashes:

       asadmin>  create-jdbc-connection-pool  --datasourceclassname   oracle.jdbc.pool.OracleDataSource   --failconnection=true   --isconnectvali-
       datereq=true --property url="jdbc:oracle:thin:@asperfsol8:1521:V8i":user=staging_lookup_app:password=staging_lookup_app OraclePoollookup

       To access the manpages for the Application Server Command-line interface subcommands, add $AS_INSTALL/man to your MANPATH environment vari-
       able.

       You can obtain overall usage information for any of the asadmin utility subcommands by invoking the --help option.  If you specify  a  sub-
       command,  the  usage information for that subcommand is displayed. Using the help option without a subcommand displays a listing of all the
       available subcommands.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Unstable			   |
       +-----------------------------+-----------------------------+

       appclient(1M), package-appclient(1M)

J2EE 1.4 SDK							    March 2004							       asadmin(1M)
All times are GMT -4. The time now is 03:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy