Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable To Perform A "Passwordless" SSH Login To A Server
Operating Systems HP-UX Unable To Perform A "Passwordless" SSH Login To A Server Post 302515715 by Rob Sandifer on Wednesday 20th of April 2011 05:18:48 PM
Old 04-20-2011
Quote:
Originally Posted by DGPickett
No, sanity. No user should be able to change or steal another's keys, say to allow them to log in without password and no permissions.
I understand the underlying meaning of what you are saying...that the
/root directory (which contains the public key) should always be secure.

What I am asking...is....what is the mechanism which drives the enforcement of the permissions? In other words, what I am asking is
what is actually causing the ssh public key authentication to actually
become disabled when directory level permissions on /root are loosened
rather than tightened.... Stated anothery way... is it the unix operating system or is it the ssh application itself which causes public key authentication to fail? Thanks.

Rob S.
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

No utpmx entry: you must exec "login" from lowest level "shell"

Hi I have installed solaris 10 on an intel machine. Logged in as root. In CDE, i open terminal session, type login alex (normal user account) and password and i get this message No utpmx entry: you must exec "login" from lowest level "shell" :confused: What i want is: open various... (0 Replies)
Discussion started by: peterpan
0 Replies

2. Shell Programming and Scripting

script that can give login password for "ssh" without involving STDIN

Hi Folks, I am writing a shell script that can logon to remote machine automatically. But, I am facing one problem. I am using "ssh" command in script and while login into remote machine it asks for passowrd and it stops for STDIN input for password. I want my script to supply password... (2 Replies)
Discussion started by: gydave
2 Replies

3. UNIX for Dummies Questions & Answers

how to install "source" command!/ broken "login.cl"!

Hello, I am new to this forums and this is my first "asking help" message! i have 2 problems: 1- for unknown reasons the "source" command is not avalable in my system (UBUNTU). i can't either see it in my bin directory! 2- again for unknown reasons the "login.cl" file in the home... (0 Replies)
Discussion started by: astrosona
0 Replies

4. UNIX for Advanced & Expert Users

How to allow particular user only to login as a root using "ssh" ?

Q1 I want to allow particular user only to login into root using ssh. I have set PermitRootLogin no for security purpose but I want to allow some of the users to login as a root using ssh how to do this? I have tried with Allowusers user1 user2 its working for only the user1 and... (3 Replies)
Discussion started by: ungalnanban
3 Replies

5. AIX

ssh public key auth "Remote login for account is not allowed" ?

Hello, Using AIX 6.1 boxes. User user1 connects from box A to box B using ssh. When password authentication is used everything is fine. When I configure user1 to use public key authentication sftp client works fine(no password asked), but ssh client fails. This is sshd log: Accepted publickey... (3 Replies)
Discussion started by: vilius
3 Replies

6. Shell Programming and Scripting

login to more than one pc (simultaneously) using "ssh"

Hi all, can any one have idea that " how to login to more than one PC (simultaneously) using "ssh" "? (1 Reply)
Discussion started by: kavi.mogu
1 Replies

7. UNIX for Dummies Questions & Answers

What is the significance of sh -s in ssh -qtt ${user}@${host} "sh -s "${version}"" < test.sh?

Please can you help me understand the significance of providing arguments under sh -s in > ssh -qtt ${user}@${host} "sh -s "${version}"" < test.sh (4 Replies)
Discussion started by: Sree10
4 Replies

8. AIX

Nim server "Unable to execute remote client commands"

Hello, What is its mean? Could you please help me? Best regards, root@nimserver:/> nimadm -j nimadmvg -c dev4 -s spot1 -l lpp_source1 -d "hdisk7" -Y Initializing the NIM master. Initializing NIM client dev4. 0042-006 c_rsh: (exec_nimsh_cmd) exec_cmd Error 0 poll: setup failure... (2 Replies)
Discussion started by: getrue
2 Replies

LEARN ABOUT OPENSOLARIS

ssh-add

ssh-add(1)							   User Commands							ssh-add(1)

NAME

       ssh-add - add RSA or DSA identities to the authentication agent

SYNOPSIS

       ssh-add [-lLdDxX] [-t life] [ file ]...

DESCRIPTION

       The  ssh-add  utility  adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it attempts to add
       all of the files $HOME/.ssh/identity (RSA v1), $HOME/.ssh/id_rsa (RSA v2), and $HOME/.ssh/id_dsa (DSA v2) that exist. If more than  one	of
       the  private  keys  exists, an attempt to decrypt each with the same passphrase will be made before reprompting for a different passphrase.
       The passphrase is read from the user's tty or by running the program defined in SSH_ASKPASS (see below).

       The authentication agent must be running.

OPTIONS

       The following options are supported:

       -d	  Instead of adding the identity, this option removes the identity from the agent.

       -D	  Deletes all identities from the agent.

       -l	  Lists fingerprints of all identities currently represented by the agent.

       -L	  Lists public key parameters of all identities currently represented by the agent.

       -t life	  Sets a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format  speci-
		  fied in sshd(1M).

       -x	  Locks the agent with a password.

       -X	  Unlocks the agent.

ENVIRONMENT VARIABLES

       DISPLAY		If  ssh-add  needs  a  passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If
       SSH_ASKPASS	ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program spec-
			ified  by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from
			a .Xsession or related script.

       SSH_AUTH_SOCK	Identifies the path of a unix-domain socket used to communicate with the agent.

EXIT STATUS

       The following exit values are returned:

       0    Successful completion.

       1    An error occurred.

FILES

       These files should not be readable by anyone but the user. Notice that ssh-add ignores a file if it is accessible by others. It is possible
       to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file.

       If  these  files are stored on a network file system it is assumed that either the protection provided in the file themselves or the trans-
       port layer of the network file system provides sufficient protection for the site policy. If this is not the case, then it  is  recommended
       the key files are stored on removable media or locally on the relevant hosts.

       Recommended names for the DSA and RSA key files:

       $HOME/.ssh/identity	  Contains the RSA authentication identity of the user for protocol version 1.

       $HOME/.ssh/identity.pub	  Contains the public part of the RSA authentication identity of the user for protocol version 1.

       $HOME/.ssh/id_dsa	  Contains the private DSA authentication identity of the user.

       $HOME/.ssh/id_dsa.pub	  Contains the public part of the DSA authentication identity of the user.

       $HOME/.ssh/id_rsa	  Contains the private RSA authentication identity of the user.

       $HOME/.ssh/id_rsa.pub	  Contains the public part of the RSA authentication identity of the user.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ssh(1), ssh-agent(1), ssh-keygen(1), sshd(1M), attributes(5)

SunOS 5.11							    9 Jan 2004								ssh-add(1)
All times are GMT -4. The time now is 11:33 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy