08-23-2012
We must manage servers in awfully difficult-to-get-to places -- "summer road only, and only in a dry month, no cell service or other humans for miles" kind of difficult -- and though we avoid root access whenever possible it's still occasionally useful. Direct root access is disallowed, and only a few particular users are allowed to sudo to it. ssh keys have automated everything that needs to be.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi, I was wondering how to change the prompt for my ssh login. At the moment it is like
user>
while I'd like it to be as
user@host>
It is in the .bash_profile or .ssh ??? Thanks (2 Replies)
Discussion started by: pmasterkim
2 Replies
2. Shell Programming and Scripting
I am trying to log into a server using SSH through the command line. I understand that the format is sftp -oPort=22 Username@Hostname. My issue is that my user name also has an @ symbol in it. Can someone tell me how I can get the system to not think that the last half of the user name as part... (9 Replies)
Discussion started by: davkatjenn
9 Replies
3. Red Hat
This is the entry when I tail /var/log/secure when I ssh for user "nightly"...
Aug 4 03:19:48 itanium2 sshd: Illegal user nightly from ::ffff:10.91.220.35
Aug 4 03:20:10 itanium2 sshd: Failed password for illegal user nightly from ::ffff:10.91.220.35 port 32862 ssh2
What could be... (3 Replies)
Discussion started by: kirtikjr
3 Replies
4. Solaris
Here is the log im pasting for verbose ssh:
-bash-2.05b$ ssh -v qa_fnp@10.41.11.23
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will... (5 Replies)
Discussion started by: kirtikjr
5 Replies
5. AIX
Hi,
We have a requirement to do passwordless entry from one user to a different user on the same AIX server using ssh keys.
Can some one help me with this?
Thanks in advance,
Panditt (3 Replies)
Discussion started by: deshaipet
3 Replies
6. UNIX for Advanced & Expert Users
I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies
7. UNIX for Dummies Questions & Answers
How can I tell ssh to ask for the username at the prompt instead of passing one in via the -l parameter or $username@$server on the command line?
I know that when I connect to an ssh server via putty, if I don't specify a username when connecting, the ssh server will ask for the username. I'm... (1 Reply)
Discussion started by: dangral
1 Replies
8. Programming
I can ssh to another directory by doing the following:
for server in server1; do ssh -t $server1 "cd /tmp; 'ls'";done
However, if I try to do it as another user it fails:
I have tried:
for server in server1
do
dir=$(su - nbadaccount -c "ssh $server `cd '/tmp/TSTCON'` " )
pwd... (3 Replies)
Discussion started by: newbie2010
3 Replies
9. HP-UX
Dear Concern,
We want to restrict ssh for particular user "oracle". Our HP UX version is as below. Please advise.
# uname -a
HP-UX tabsdb02 B.11.31 U ia64 2963363594 unlimited-user license (2 Replies)
Discussion started by: makauser
2 Replies
10. UNIX for Advanced & Expert Users
Hello Folks,
I lost touch in ssh key gen topics.
I am in need of ssh to a server without password, kindly help me in configuring.
I have two servers,
server1 with user name apha & server1 with user name beta.
I need to ssh to the server2 from server1 with respective users,
Manually i... (3 Replies)
Discussion started by: Thala
3 Replies
LEARN ABOUT V7
ssh-keysign
ssh-keysign(1M) ssh-keysign(1M)
NAME
ssh-keysign - ssh helper program for host-based authentication
SYNOPSIS
ssh-keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the name of the
client user.
ssh-keysign is disabled by default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
basedAuthentication to yes.
ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based authen-
tication.
/etc/ssh/ssh_config
Controls whether ssh-keysign is enabled.
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must be set-uid root if host-based
authentication is used.
ssh-keysign will not sign host-based authentication data under the following conditions:
o If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
den in users' ~/.ssh/ssh_config files.
o If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of the client where ssh-keysign is
invoked and the name of the user invoking ssh-keysign.
In spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWsshu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
ssh(1), sshd(1M), ssh_config(4), attributes(5)
AUTHORS
Markus Friedl, markus@openbsd.org
HISTORY
ssh-keysign first appeared in Ox 3.2.
9 Jun 2004 ssh-keysign(1M)