Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH with a nologin account
Top Forums UNIX for Dummies Questions & Answers SSH with a nologin account Post 302589532 by hungld86 on Thursday 12th of January 2012 04:22:52 AM
Old 01-12-2012
Bug You can use SSH on nologin account
YES !

You CAN ssh from a a nologin account (such as daemon, apache, tomcat, ect..). The only thing you have to do is:
1 - Create global known_hosts file at /etc/ssh/ssh_known_hosts
2 - Change it's permission to 644. Note: NOT 600. Other people need to read it.
4 - Put destination host key into this file.
5 - Create a RSA keypair then add id_rsa.pub to destination account (if you use password, try yourself).
==> you can use ssh to run command remotely.
I created a PHP page (run by daemon user on system) to execute command by another user at another machine, of course using SSH. Smilie
 

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Shell account SSH Tunnelling?

What do I need to do to be able to connect to an IRC server from work? At work I'm behind a firewall that blocks all IRC connections on standard ports. I read that I could use a shell account and set something up (which I am searching what) that I could use to connect to and tunnel my... (4 Replies)
Discussion started by: KromiX
4 Replies

2. UNIX for Dummies Questions & Answers

need a stable proxy server or free ssh account to visit blocked sites, who can help?

In our country, blogspot.com, twitter.com facebook.com....and more excellent sites are blocked by the Goverment FireWall, who can help me ? thanks a lot for your kind. (2 Replies)
Discussion started by: shuke
2 Replies

3. UNIX for Dummies Questions & Answers

Creating FTP account using SSH (putty)?

Hello, : ) I have a remote access to the server that hosts my joomla, and it does not have cpanel. So I have to do everything manually. I need to have an FTP account to the httpdocs folder because I need to put these info in the config file of joomla (to allow file uploading ...etc) So,... (8 Replies)
Discussion started by: Hayatt
8 Replies

4. Cybersecurity

openssh_4.6 on Unixware 7.1.4 - ssh does not lock account after x attempts

Hi all, I am having some issues with openssh vers OpenSSH_4.6p1 on SCO unixware 7.1.4 when a user accesses the system via ssh and the password is incorrect and more attempts have been made that the lock out limit I find that although there are messages in the syslog the account does not lock... (0 Replies)
Discussion started by: chlawren
0 Replies

5. UNIX for Dummies Questions & Answers

ssh for different user account in a server configuration

Hi team, I am not able to configure the ssh settings for a UserA to do ssh or scp to the UserB in the same server , what could be the best way to do the ssh form UserA to UserB. I've generated the public key in UserA ~/.ssh and kept a copy of that in ~/.ssh of authorized_key of UserB . Still... (1 Reply)
Discussion started by: posix
1 Replies

6. Shell Programming and Scripting

Need help regarding user with nologin

Hi, Need one clarification.. If suppose, I have disabled the login to a particular user XXX, but not deleted the user. So the scripts which must be executed using the user XXX can still be executed using that user or is it not possible..? In our tasks, we are disabling the user XXX, and after... (1 Reply)
Discussion started by: Dpu
1 Replies

7. Red Hat

Su-only account with ssh capability and no interactive login

Hello experts, Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate. Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
Discussion started by: naveendronavall
1 Replies

8. UNIX for Beginners Questions & Answers

Allow AD service account SSH to Linux systems without 2FA

I have Windows AD server and all of the linux computers are joined to AD. Recently, 2FA has been activated, I wish to exclude some of the domain service accounts from 2FA # less /etc/pam_radius_acl.conf sshd:* # /etc/pam.d/sshd auth required pam_sepermit.so auth requisite... (0 Replies)
Discussion started by: davidpar007
0 Replies

LEARN ABOUT SUSE

ssh-keyconverter

SSH-KEYCONVER(1)					    BSD General Commands Manual 					  SSH-KEYCONVER(1)

NAME

     ssh-keyconvert -- convert ssh v1 keys and authorization files

SYNOPSIS

     ssh-keyconvert [-k] [-o output_file] identity_file ...
     ssh-keyconvert [-a] [-o output_file] authorization_file ...

DESCRIPTION

     ssh-keyconvert converts RSA public and private keys used for public key based user authentication with protocol version 1 to the format used
     with protocol version 2.

     When using RSA user authentication with SSH protocol version 1, the client uses the private key from $HOME/.ssh/identity to provide its iden-
     tity to the server. The server grants or denies access based on whether the public part of this key is listed in $HOME/.ssh/authorized_keys.

     SSH protocol version 2 supports both DSA and RSA keys, but the way RSA keys are stored are differently. On the client, the default file name
     is .ssh/id_rsa rather than .ssh/identity, and the file's format is different as well. On the server, the public porting of the key can still
     be stored in .ssh/authorized_keys, but the key notation has changed as well.  Therefore, when switching from protocol version 1 to version 2,
     you either have to create a new identity key using ssh-keygen(1) and add that key to the server's authorized_keys file, or you need to con-
     vert your keys using ssh-keyconvert.

     By default, ssh-keyconvert will try to guess the type of file that is to be converted.  If it fails to guess correctly, you can tell if what
     type of conversion to perform by specifying the -k option to convert the private key, or the -a option to convert an authorisation file.

     When converting your private keys stored in .ssh/identity, ssh-keyconvert will read the private key, prompting you for the pass phrase if the
     key is protected by a pass phrase. If the -o option is given, it will write the private key to the specified file, using version 2 syntax. If
     the key was protected by a pass phrase, it will use the same pass phrase to protect the new file.	It will also write the public portion of
     the key to a second file, using the specified file name with ``.pub'' appended.  If the -o option was not given, private and public key will
     be written to id_rsa and id_rsa.pub, respectively, relative to the directory of the input key file.

     If the destination file already exists, ssh-keyconvert will prompt the user for confirmation before overwriting the file, unless the -f
     option is given.

     When converting your authorized_keys file, ssh-keyconvert will ignore any keys in SSH version 2 format. Any public keys in version 1 format
     will be converted and appended to the output file using the new syntax. If the -o option is given, keys are appended to the specified file.
     If it is not given, ssh-keyconvert will append all keys to the input file.

     Note that ssh-keyconvert does not check for duplicate keys, so if you run it on .ssh/authorized_keys more several times, the converted keys
     will show up several times.

OPTIONS

     -k      Convert private key file(s). The default is to guess the type of file that should be converted.

     -a      Convert authorized_keys file(s). The default is to guess the type of file that should be converted.

     -o outfile
	     Specify the name of the output file.  When converting an authorization file, all public keys will be appended to this file.  For pri-
	     vate key conversion, the private and public components of the key will be stored in outfile and outfile.pub, respectively.  Note that
	     since every key must be stored in a separate file, you cannot use this option when you specify several input files.

     -f      When converting a key file, and the output file already exists, ssh-keyconvert will ask the user whether to overwrite the file. Using
	     this option forces overwriting.

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  ssh-keyconvert was contributed by Olaf Kirch.

SEE ALSO

     ssh(1), ssh-add(1), ssh-agent(1), sshd(8)

     J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-secsh-publickeyfile-01.txt, March 2001, work in progress material.

BSD
								 February 2, 2002							       BSD
All times are GMT -4. The time now is 07:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy