09-10-2010
Quote:
Originally Posted by
zaxxon
No worries. It applies to any machine where a sshd is running. ssh_config is for client config and sshd_config is for server config. If there is a acting as a server, you have to edit it's /etc/ssh/sshd_config and restart it's sshd, plus editing the hosts.equiv to your needs. If you come from another box like a pc with putty or ssh client from a linux box for example, you do not have to edit or restart anything on the client.
i did the configurations, i enabled the
HostbasedAuthentication yes in both the ssh_config of client and sshd_config of server. Then i added the the client hostname and ip in the following manner in etc/hosts.equiv file of the server.
clienthost ip
but when i gave ssh server from the client it is asking for the password.
Please correct me if i were wrong in any of the above mentioned scenarios...
10 More Discussions You Might Find Interesting
1. Cybersecurity
I would like to know how to validate an unix password from shell script (If is possible)
Thanks very much
;) (3 Replies)
Discussion started by: juan_o_morillo
3 Replies
2. UNIX for Advanced & Expert Users
I'd like to do a data transfer without encryption but with a guarantee that my data comes from a legit source. I'm thinking something that uses a public key scheme to sign the data.
Does anyone know of something like that?
Thanks!
-Pileofrogs (1 Reply)
Discussion started by: pileofrogs
1 Replies
3. Forum Support Area for Unregistered Users & Account Problems
I recently registered, but never received the email with the instructions for authenticating my account. I confirmed my email in in the profile looks correct. I found and clicked the link to resend the authentication email. I clicked that link two days ago and I still don't have the email. It... (1 Reply)
Discussion started by: dwallace
1 Replies
4. Solaris
Sir,
We are using windows amd solaris systems on my company when ever we are sharing the files from windows to solaris it was asking authentication as a administrator i can share the if normal user wants to share the files from windows to solaris every time i have to go and type the username and... (1 Reply)
Discussion started by: ambavaram
1 Replies
5. Linux
We are using fedora 8 on my system in that we are using evolution for checking mail we have configured mail server on fedora 8 in another system earlier when i was open the evolution it was asking password for authentication from last two days whenever i open the evolution it was not asking... (1 Reply)
Discussion started by: ambavaram
1 Replies
6. Red Hat
Hi friends,
I have a requirement is to authenticate samba users seperately.
1. Linux samba server
2. Linux Client
3. Need to mount samba share on linux client permanently without providing credentials.
4. when user is accessing that mount point need to be prompted for credentials.
... (1 Reply)
Discussion started by: arumon
1 Replies
7. UNIX for Advanced & Expert Users
I have applied pam authentication for local users as highlighted in below file.
# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so... (0 Replies)
Discussion started by: pinga123
0 Replies
8. Red Hat
Hi everyone ...
( Linux Cent OS ) i cant login as root user in my lab machine ... i did give correct root and root passwd ..but it showing Authentication Failed ...
plz help me (4 Replies)
Discussion started by: coolboys
4 Replies
9. UNIX and Linux Applications
What do you guys use for authentication on Jenkins? We are currently not using anything and I am attempting to use AD, however when I have it enabled, the jenkins CLI does not allow my slaves to register anonymously.. which is understandable, however I cannot find the proper syntax for the... (0 Replies)
Discussion started by: s ladd
0 Replies
10. SuSE
Hello all,
I recently updated PAM policy files (pam_authz.policy) on HP-UX Servers with AD groups involving allowing and denying the certain groups..
Could anyone tell me what is the equivalent mechanism in SLES(Linux)? Is it possible to allow/deny AD group access with the SLES LDAP... (0 Replies)
Discussion started by: lcclaj0
0 Replies
LEARN ABOUT REDHAT
keyfile
KEYFILE(5) AFS File Reference KEYFILE(5)
NAME
KeyFile - Defines AFS server encryption keys
DESCRIPTION
The KeyFile file defines the server encryption keys that the AFS server processes running on the machine use to decrypt the tickets
presented by clients during the mutual authentication process. AFS server processes perform privileged actions only for clients that
possess a ticket encrypted with one of the keys from the file. The file must reside in the /etc/openafs/server directory on every server
machine. For more detailed information on mutual authentication and server encryption keys, see the OpenAFS Administration Guide.
Each key has a corresponding a key version number that distinguishes it from the other keys. The tickets that clients present are also
marked with a key version number to tell the server process which key to use to decrypt it. The KeyFile file must always include a key with
the same key version number and contents as the key currently listed for the "afs/cell" principal in the associated Kerberos v5 realm or
Authentication Database. (The principal "afs" may be used if the cell and realm names are the same, but adding the cell name to the
principal is recommended even in this case. "afs" must be used as the principal name if the cell uses the Authentication Server rather than
a Kerberos v5 realm.) The key must be a DES key; no stronger encryption type is supported.
The KeyFile file is in binary format, so always use either the asetkey command or the appropriate commands from the bos command suite to
administer it:
o The asetkey add or bos addkey command to add a new key.
o The asetkey list or bos listkeys command to display the keys.
o The asetkey delete or bos removekey command to remove a key from the file.
The asetkey commands must be run on the same server as the KeyFile file to update. The bos commands may be run remotely. Normally, new keys
should be added from a Kerberos v5 keytab using asetkey add. bos addkey is normally only used if the Authentication Server is in use
instead of a Kerberos v5 realm.
In cells that use the Update Server to distribute the contents of the /etc/openafs/server directory, it is customary to edit only the copy
of the file stored on the system control machine. Otherwise, edit the file on each server machine individually.
CAUTIONS
The most common error caused by changes to KeyFile is to add a key that does not match the corresponding key for the Kerberos v5 principal
or Authentication Server database entry. Both the key and the key version number must match the key for the corresponding principal, either
"afs/cell" or "afs", in the Kerberos v5 realm or Authentication Database. For a Kerberos v5 realm, that principal must only have DES
encryption types in the Kerberos KDC.
In the unusual case of using bos addkey to add a key with a known password matching a password used to generate Kerberos v5 keys, the keys
in the Kerberos v5 KDC database must use "afs3" salt, not the default Kerberos v5 salt. The salt doesn't matter for the more normal
procedure of extracting a keytab and then adding the key using asetkey.
SEE ALSO
asetkey(8), bos_addkey(8), bos_listkeys(8), bos_removekey(8), kas_setpassword(8), upclient(8), upserver(8)
The OpenAFS Administration Guide at <http://docs.openafs.org/AdminGuide/>.
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2012-03-26 KEYFILE(5)