04-20-2011
Quote: Originally Posted by Rob Sandifer
What I am asking...is....what is the mechanism which drives the enforcement of the permissions? In other words, what I am asking is what is actually causing the ssh public key authentication to actually become disabled when directory level permissions on /root are loosened rather than tightened.... Stated another way... is it the unix operating system or is it the ssh application itself which causes public key authentication to fail? Thanks.
It's the ssh program itself.
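As an added illustration (not part of the original posts and not OpenSSH source code): a Python sketch of the kind of ownership and mode check that OpenSSH's sshd applies to the authorized_keys file and each parent directory up to the home directory when its StrictModes option is enabled. The function names and the temporary directory standing in for a home directory are assumptions made for the example.

```python
import os
import stat
import tempfile

def insecure_reason(path, uid, is_file=False):
    """Return why `path` fails the check, or None if it passes."""
    st = os.stat(path)
    if is_file and not stat.S_ISREG(st.st_mode):
        return f"{path}: not a regular file"
    if st.st_uid not in (0, uid):          # owner must be root or the user
        return f"{path}: bad owner uid {st.st_uid}"
    if st.st_mode & 0o022:                 # group- or world-writable bit set
        return f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world writable"
    return None

def check_key_path(key_file, home, uid):
    """Check key_file, then every parent directory up to and including home."""
    key_file, home = os.path.realpath(key_file), os.path.realpath(home)
    reason = insecure_reason(key_file, uid, is_file=True)
    if reason:
        return reason
    cur = os.path.dirname(key_file)
    while True:
        reason = insecure_reason(cur, uid)
        if reason:
            return reason
        parent = os.path.dirname(cur)
        if cur == home or parent == cur:   # stop at home (or filesystem root)
            return None
        cur = parent

def demo():
    """Constructed layout: a temp dir plays the role of /root."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as f:
            f.write("ssh-ed25519 AAAA...constructed user@example\n")
        os.chmod(keys, 0o600)
        os.chmod(home, 0o755)
        tight = check_key_path(keys, home, uid)   # passes: None
        os.chmod(home, 0o775)                     # loosen only the home directory
        loose = check_key_path(keys, home, uid)   # fails on the home directory
        return tight, loose

if __name__ == "__main__":
    print(demo())
```

The key file and `.ssh` directory are untouched between the two calls; only the home directory's mode changes, which is the situation described in the question.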
PAM_SSH(8) BSD System Manager's Manual PAM_SSH(8)
NAME
pam_ssh -- authentication and session management with SSH private keys
DESCRIPTION
The SSH authentication service module for PAM, pam_ssh provides functionality for two PAM categories: authentication and session management.
SSH Authentication Module
The SSH authentication component verifies the identity of a user by prompting the user for a passphrase and verifying that it can decrypt at
least one of the user's SSH login keys using that passphrase.
The following options may be passed to the authentication module:
     debug                   syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass          If the authentication module is not the first in the stack, and a previous module
                             obtained the user's password, then that password is used to decrypt the user's SSH
                             login keys. If this fails, then the authentication module returns failure without
                             prompting the user for a passphrase.

     try_first_pass          Similar to the use_first_pass option, except that if the previously obtained
                             password fails to decrypt any of the SSH login keys, then the user is prompted for
                             an SSH passphrase. try_first_pass has no effect if pam_ssh is the first module on
                             the stack, or if no previous modules obtained the user's password.

     allow_blank_passphrase  Allow SSH keys with no passphrase.

If neither use_first_pass nor try_first_pass is specified, pam_ssh will unconditionally ask for an SSH passphrase.
In addition to the above authentication procedure, all standard SSH keys (identity, id_rsa, id_dsa) for which the obtained password matches
will be decrypted.
SSH Session Management Module
The SSH session management component initiates sessions by starting an SSH agent, passing it any SSH login keys it decrypted during the
authentication phase, and sets the environment variables accordingly.
The SSH session management component terminates the session by killing the previously started SSH agent by sending it a SIGTERM.
The following options may be passed to the session management module:
     debug                   syslog(3) debugging information at LOG_DEBUG level.
INFORMATION LEAKS
Be careful when using the try_first_pass option when pam_ssh is the first authentication module because it will then leak information
about existing users without login keys: such users will not be asked for a specific SSH passphrase, whereas non-existing users and existing
users with login keys will be asked for a passphrase.
FILES
     $HOME/.ssh/identity
     $HOME/.ssh/id_rsa
     $HOME/.ssh/id_dsa          OpenSSH DSA/RSA keys decrypted by pam_ssh.

     $HOME/.ssh/login-keys.d/   Location of (possibly symbolic links to) OpenSSH DSA/RSA keys used for
                                authentication and decrypted by pam_ssh.

     /var/log/auth.log          Usual log file for syslog(3)
SEE ALSO
ssh-agent(1), syslog(3), pam.conf(5), pam(8).
AUTHORS
Andrew J. Korty <ajk@iu.edu> wrote pam_ssh. Dag-Erling Smorgrav wrote the original OpenPAM support code. Mark R V Murray wrote the original
version of this manual page. Jens Peter Secher introduced the login-key concept.
BSD                                                November 26, 2001                                                BSD