07-10-2012
ssh, and any other sane login system, is designed to prevent you from injecting plaintext passwords. "interactive password authentication" means "password typed by a human being in realtime authentication" and nothing else will do. It reads from a terminal to make sure it's getting human input and not scripted input.
It's a subtle hint, written in mile-high flashing neon letters, that scripting passwords is an extremely bad idea. It's insecure. That's why they made it so hard to do.
Fortunately ssh has the simple, easy, and convenient ssh-keys feature built into it for you to use. Just have the right files in the right places and it will work natively.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi all,
Is there a way to prevent users from being able to execute commands less a select few? For instance, I wish to allow the user to be only able to execute 1 command, which is exec a.sh. He should not be able to do simple stuff such as ls, cd, rm, cat, etc.
Can this be achieved?
... (1 Reply)
Discussion started by: rockysfr
1 Replies
2. Shell Programming and Scripting
i have logged in as user.
I want to write a script to login into root and execute commands for eg. ifconfig or other command.
kindly help me out. (6 Replies)
Discussion started by: pradeepreddy
6 Replies
3. Debian
hello friends,
one user is created named "user1"
I login as "user1" . Now when i do "su -" to be root user I have to give password for root .
Is there any way through which we can skip giving the password to root.
i.e.
user1@work:~$ su -
Password: xxxxxx
work:~$
I don't want that... (1 Reply)
Discussion started by: pradeepreddy
1 Replies
4. Shell Programming and Scripting
Hello All,
I'm new to unix and i need the below favour from you.
I have list of 50 unix server. I need to login to all the server one by one and with the same user and password. I will declare the user name and password globally in the script.
for example :
servername- hyperV
user name... (4 Replies)
Discussion started by: Hari A
4 Replies
5. Shell Programming and Scripting
Requirement:
Run a shell script with below inputs
file name
checksum
path
the script should go to multiple servers (around 35) and verify the input cksum and if there is a mismatch display a simple message to the user that cksum verification failed.
host details, user id /... (1 Reply)
Discussion started by: amicableperson
1 Replies
6. Shell Programming and Scripting
Hi,
I am using solaris 10 and bash shell.Script execution follows below.Initially it will check whether a directory exists or not if does not exist it will create it.(This I have completed)
Second step:I have four users say user1,user2,user3,user4.Script should prompt for the user id and... (11 Replies)
Discussion started by: muraliinfy04
11 Replies
7. Shell Programming and Scripting
Hi,
I want to collect info from a no. of servers whether there grub.conf contain "elevator" parameter or not.
What I want is
sudo cat /etc/grub.conf | grep -q "elevator=noop"; echo $?
If output is "0", I want name of that host in a file called "present"
if its not "0", I want that... (4 Replies)
Discussion started by: stunn3r
4 Replies
8. Shell Programming and Scripting
Hi,
i want to write script where it will login into 50 hosts and if login is successful it print message "login to host1 is
successful" if not it should print message "Not able to login to host1". once connection to the host is succesful it should fire df command to check filesystem if df is... (3 Replies)
Discussion started by: amru8810
3 Replies
9. Solaris
HI Community.
I was trying to create ssh password less authentication for one user called night and it's not working for me.
These are the steps I followed:-
I have logged into the server and issued ssh-ketgen -t rsabash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.... (4 Replies)
Discussion started by: bentech4u
4 Replies
10. Shell Programming and Scripting
Hi,
I have a requirement where in i need to write a shell script to set users password to never expire. I know the command which is used to perform the same .. which is chage command.
But, could not figure out how to do the same in shell script.
Could you please help me with the shell... (3 Replies)
Discussion started by: suren424
3 Replies
LEARN ABOUT HPUX
ssh-keysign
ssh-keysign(1M) ssh-keysign(1M)
NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)
AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)