01-07-2010
Hi
I think u have interpreted me wrong.
My requirement is that when first user "su" to second user,it should not prompt for password.
I have copied the public key of first user into the authorized_keys file of second user and when i "ssh" from 1st user to 2nd user,password is not prompted.
Bur when i "su" to second user from 1st user,password is being prompted.
I hope this clarifies.
Gurus,
Any others who have different ideas.
Thanks
HG
9 More Discussions You Might Find Interesting
1. Red Hat
I am trying to set up ssh/scp to be able to login in w/o using a password. The man pages for ssh and ssh-keygen explain how to do this.
So, using "rsa1" style, I created the public and private keys by way of ssh-keygen, then added the contents of "$HOME/.ssh/identity.pub" to a newly created... (6 Replies)
Discussion started by: mcrouch_2003
6 Replies
2. Solaris
Hi GUYS,
Me have 2 servers, eg:: A & B
id_dsa.pub key of B had been put in authorized_keys of A & Vice versa
Passwordless login going from A to B.
But while connecting from B to A ,its asking password
Any one please help me out.. (6 Replies)
Discussion started by: racechap
6 Replies
3. HP-UX
Greetings!
I am trying to perform a passwordless SSH login from a HPUX 11.31 client to a HPUX 11.31 server. Whenever I do a "ssh -l root serverA" from the client, I am prompted for a password. Giving the password, I am able to successfully login. However I am trying to accomplish a... (9 Replies)
Discussion started by: Rob Sandifer
9 Replies
4. UNIX for Advanced & Expert Users
Hi,
I have two users login on my HPUX i.e user1 and user2.
Inorder to switch from user1 to user2 without password I generated key pair using keygen command for user id user1 and copied the its public key to the .ssh/authorized_keys file of user2.
ssh-keygen -b 2048 -t rsa
This... (5 Replies)
Discussion started by: mohtashims
5 Replies
5. Solaris
This is Solaris 10 and sorce+destination are non root user. Somehow it is broke and I am not able to fix it. Already checked permissions on both servers and authorized_keys entry of destination is same as id_rsa.pub of source server. I can not regenerate keys on source server because I do not know,... (0 Replies)
Discussion started by: solaris_1977
0 Replies
6. Shell Programming and Scripting
Hi,
I am in the process FTPing some of my report files from my production server to another FTP server through batch/Shell Script.
This is working fine with the password less authentication.
Once i place all my report files in the ftp server the end users need to download ... (3 Replies)
Discussion started by: Showdown
3 Replies
7. Shell Programming and Scripting
how can i use an expect script to do a passwordless ssh login and run a script on a bunch of remote hosts? I do not want to use public key authentication as this would require me to setup the keys on the clients etc.... (2 Replies)
Discussion started by: tdubb123
2 Replies
8. Shell Programming and Scripting
Hi Friends,
I was successfully able to login passwordlessly to server 1.1.1.2 from server 1.1.1.1 by following the below steps. I had already generated the keys using (ssh-keygen -t rsa) once and i am assuming i do not have to do that again.
ssh id@1.1.1.2 mkdir -p .ssh
cat... (8 Replies)
Discussion started by: srkmish
8 Replies
9. Windows & DOS: Issues & Discussions
Hi,
I am a newbie and has been given a task to connect to a windows server from a linux server (using putty of course; for file transfer) that too passwordless.
Searching through google I found "ssh-keygen" but this also couldn't work because as I tried ssh <username>@<windowsServerIP>, it says... (5 Replies)
Discussion started by: pratria
5 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)