12-02-2009
I just grep those files and can't found neither. Guess I hadn't make myself clear, users must still allowed to login thru password authentication, however we want to give them the ability to run a specific script only when they used private keys.
My bad I forgot to say but my group isn't root on this specific box; we do have high privileges but still we're not root.
Thanks.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I stupidly changed the shell of the root user to one that does not exist, and now when I try to lgon it says it cannot find the path to my shell and will not let me proceed any further. Is there any way I can get round this without re-installing the OS?
Thanks for any replies. (8 Replies)
Discussion started by: SRP
8 Replies
2. UNIX for Dummies Questions & Answers
Hi:
I am wondering if anyone has a logon script to be put in /etc/profile or environments that will display the logged on username and path? (4 Replies)
Discussion started by: capeme
4 Replies
3. Shell Programming and Scripting
hi
how can I know abt the details of current user who are logged on and as well as those users who currently have an account but are not logged on?
Thanks (1 Reply)
Discussion started by: nokia1100
1 Replies
4. Forum Support Area for Unregistered Users & Account Problems
This is probably a dumb question and a pipe dream, but is there (or can there be) an alternate way to logon?
I can access the site from work, but they have blocked the actual login URL. I dont know exactly what the URL is since I can obviously log on from home, but I know it has the word login.... (2 Replies)
Discussion started by: earnstaf
2 Replies
5. Solaris
Hi
I am envountring a problem while I login using ssh on a sun box to a remote box.
I use ssh user@server and it takes long time to ask for a password..
does anyone knows the reason behind this? or is there a way that this could be solved
Thanks,
Antony (8 Replies)
Discussion started by: antointoronto
8 Replies
6. AIX
In /etc/security/user, we can set which authentication method we use for each user. for example:
test:
admin = false
rlogin = false
SYSTEM = "NONE"
I want to test whether SYSTEM=NONE (without ") is acceptable. How can I verify it? and How can we check which... (1 Reply)
Discussion started by: quanba
1 Replies
7. Solaris
After a memory upgrade all network interfaces are misconfigued. How do i resolve this issue. Below are some out puts.thanks.
ifconfig: plumb: SIOCLIFADDIF: eg000g0:2: no such interface
# ifconfig eg1000g0:2 plumb
ifconfig: plumb: SIOCLIFADDIF: eg1000g0:2: no such interface
# ifconfig... (2 Replies)
Discussion started by: andersonedouard
2 Replies
8. IP Networking
Hi experts,
I am not sure in which forum to submit this question. If this is not the correct place then please let me know where to submit this thread.
My requirement is to invoke windows batch scripts from linux shell script. Hence, I have installed openssh in Cygwin on the windows machine.... (2 Replies)
Discussion started by: ahmedwaseem2000
2 Replies
9. UNIX for Dummies Questions & Answers
Hi,
I was wondering if someone may be able to help me with finding out the different *nix logon types.
The different logon types for a Successful Logon event type in Windows (4624) is well documented both on the M$ site and also on many tech related sites, listing the different logon types... (6 Replies)
Discussion started by: urhero
6 Replies
10. Cybersecurity
Hello,
We have mid level infrastructure of all on-premises servers. All windows servers are getting authenticated by Microsoft Active Directory Services, half Unix (Solaris+Linux) servers are getting authentication by NIS and other half by LDAP.
We have plans to migrate from NIS to LDAP, so... (2 Replies)
Discussion started by: solaris_1977
2 Replies
LEARN ABOUT OPENDARWIN
ssh-keysign
ssh-keysign(1M) ssh-keysign(1M)
NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)
AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)