05-26-2015
If I read and understand correctly, you've done it the wrong direction. The keys need to be generated on the client, and the public one needs to be added to the server's .ssh/authorized_keys.
10 More Discussions You Might Find Interesting
1. HP-UX
Hi everybody, im a newer, i want to setup a logfile to capture information about user login/logout (and some other events ex: a user ftp, run a speacial command) on my system in HP-UX, pls help me.
i think only edit file /etc/syslog.conf but dont know how to do it.
Help me. (0 Replies)
Discussion started by: pwd
0 Replies
2. UNIX for Dummies Questions & Answers
Hi everybody, im a newer, i want to setup a logfile to capture information about user login/logout (and some other events ex: a user ftp, run a speacial command) on my system in HP-UX, pls help me.
i think only edit file /etc/syslog.conf but i dont know how to do it.
Help me. (3 Replies)
Discussion started by: pwd
3 Replies
3. HP-UX
There is two server, server A and server B. In server A, I would like to login ssh to server B without typing password. (no need for ssh2)
Therefore, I do the followings:
Server A:
>cd ~
>mkdir .ssh
>ssh-keygen -t dsa -f .ssh/id_dsa
Then copy the file id_dsa.pub to Server B
Server B:... (2 Replies)
Discussion started by: alfredo
2 Replies
4. Solaris
Hi Gurus
I have a few Sol 5.9 servers and i have enabled password less authentication between them for my user ID. Often i have found that when my password has expired,the login fails.
Resetting my password reenables the keys.
Do i need to do something to avoid this scenario or is this... (2 Replies)
Discussion started by: Renjesh
2 Replies
5. Red Hat
I setup the keys between 2 servers, but my user account has no password specified for it (never set one up on the account for security reasons). When I try to SSH to the server, SSH prompts for a password that doesn't exist (so I can never connect successfully).
Note: 'passwd -d Rynok' removes... (3 Replies)
Discussion started by: Rynok
3 Replies
6. Shell Programming and Scripting
Hello,
I need to find a way to connect from server1 to 30 other servers using a single line command in order to run various command from the other 30 servers.
I am looking for a single line connection command in which i can provide the server name user name and password and connect to the... (2 Replies)
Discussion started by: LiorAmitai
2 Replies
7. Cybersecurity
Hi,
I have setup password less ssh connection between Server A and Server B and I am able to connect with User2.
But my requirement is, User 1 run a script in Server A to ssh into Server B as User 2 but it is asking password every time I execute.
Server A:
Login as User 1 and execute sh... (8 Replies)
Discussion started by: sakthi.99it
8 Replies
8. UNIX for Advanced & Expert Users
How do I setup a Samba server to always ask to user and password, when a windows user, prints your files using a shared printer through a Samba Linux Server (CUPS)? (0 Replies)
Discussion started by: viga
0 Replies
9. Red Hat
I am using redhat 6.4 and i want to login ssh without password kindly guide me (2 Replies)
Discussion started by: kannansoft1985
2 Replies
10. Red Hat
Hello Experts,
when I am trying to connect my target server through sftp after creating ssh password less setup, it is asking for passowrd to connect.
to setup this I followed below process:
-->generated keys by executing the command "ssh-keygen -t rsa"
-->this created my .ssh directory... (9 Replies)
Discussion started by: Devipriya Ch
9 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)
PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)