07-25-2015
While 700 permission on ~/.ssh/ and 600 on ~/.ssh/authorized_keys, both on the remote node, are recommended but not mandatory, the local ~/.ssh/id_rsa NEEDS 600 permission, or ssh will simply ignore a private key file if it is accessible by others. (man ssh).
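An audit of the modes discussed in the post above, as an added example that is not part of the original post: the private-key test uses mask 077 (any group or other access), and the remote-side test uses mask 022, since sshd(8) states that authorized_keys is not used when it or ~/.ssh is writable by other users, unless StrictModes is set to no. The function names and the WRITABLE/EXPOSED labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit the modes of SSH key material in a given directory.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Private key: no access at all for group or others (mask 077).
private_key_ok() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Server-side files: not writable by group or others (mask 022).
not_writable_by_others() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -eq 0 ]
}

# Audit one .ssh directory: one line per finding, exit status 1 if any.
audit_ssh_dir() {
    dir=$1; bad=0
    not_writable_by_others "$dir" || { echo "WRITABLE $dir"; bad=1; }
    if [ -f "$dir/authorized_keys" ]; then
        not_writable_by_others "$dir/authorized_keys" ||
            { echo "WRITABLE $dir/authorized_keys"; bad=1; }
    fi
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac      # public halves may be readable
        [ -f "$key" ] || continue                 # glob matched nothing
        private_key_ok "$key" || { echo "EXPOSED $key"; bad=1; }
    done
    return "$bad"
}

# Usage: sh audit.sh ~/.ssh   (script name is a placeholder)
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```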
pam_pwhistory
PAM_PWHISTORY(8)                Linux-PAM Manual                PAM_PWHISTORY(8)

NAME
       pam_pwhistory - PAM module to remember last passwords

SYNOPSIS
       pam_pwhistory.so [debug] [use_authtok] [enforce_for_root] [remember=N] [retry=N] [authtok_type=STRING]

DESCRIPTION
       This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently.

       This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking.

OPTIONS
       debug
           Turns on debugging via syslog(3).

       use_authtok
           When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below).

       enforce_for_root
           If this option is set, the check is enforced for root, too.

       remember=N
           The last N passwords for each user are saved in /etc/security/opasswd. The default is 10.

       retry=N
           Prompt user at most N times before returning with error. The default is 1.

       authtok_type=STRING
           See pam_get_authtok(3) for more details.

MODULE TYPES PROVIDED
       Only the password module type is provided.

RETURN VALUES
       PAM_AUTHTOK_ERR
           No new password was entered, the user aborted password change or new password couldn't be set.

       PAM_IGNORE
           Password history was disabled.

       PAM_MAXTRIES
           Password was rejected too often.

       PAM_USER_UNKNOWN
           User is not known to system.

EXAMPLES
       An example password section would be:

           #%PAM-1.0
           password     required       pam_pwhistory.so
           password     required       pam_unix.so        use_authtok

       In combination with pam_cracklib:

           #%PAM-1.0
           password     required       pam_cracklib.so    retry=3
           password     required       pam_pwhistory.so   use_authtok
           password     required       pam_unix.so        use_authtok
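A check of the stacking order shown in the two examples above, as an added example that is not part of the manual page: it flags pam_pwhistory.so under a module type other than password, a pam_pwhistory.so line that follows another password module without use_authtok, and a pam_unix.so line placed ahead of it. The function names and finding labels are made up here, and treating the manual's example order as a requirement is an assumption of this example.

```shell
#!/bin/sh
# Added example: lint a PAM password stack against the layout in EXAMPLES.
# Reads the file named in $1, or stdin. Finding labels are made up here.
lint_pwhistory() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments (#%PAM-1.0) and blanks
    {
        type = $1; sub(/^-/, "", type)       # "-password" is still password
        mod = ""; args = " "
        for (i = 2; i <= NF; i++) {          # module = first field ending .so
            if (mod != "") args = args $i " "
            else if ($i ~ /\.so$/) mod = $i
        }
        sub(/^.*\//, "", mod)                # drop any directory prefix
        if (mod == "pam_pwhistory.so" && type != "password") {
            print "TYPE pam_pwhistory.so listed as " type; bad = 1; next
        }
        if (mod == "" || type != "password") next
        n++                                  # position in the password stack
        if (mod == "pam_unix.so" && !unix_at) unix_at = n
        if (mod == "pam_pwhistory.so") {
            hist_at = n
            if (n > 1 && !index(args, " use_authtok ")) {
                print "AUTHTOK pam_pwhistory.so lacks use_authtok"; bad = 1
            }
        }
    }
    END {
        if (!hist_at) { print "MISSING pam_pwhistory.so"; bad = 1 }
        else if (unix_at && unix_at < hist_at) {
            print "ORDER pam_unix.so precedes pam_pwhistory.so"; bad = 1
        }
        exit bad + 0
    }' "${1:--}"
}

# The pam_cracklib example from above, then a constructed stack with two faults.
manual_stack() {
    printf '%s\n' '#%PAM-1.0' 'password required pam_cracklib.so retry=3' \
        'password required pam_pwhistory.so use_authtok' \
        'password required pam_unix.so use_authtok'
}
constructed_bad_stack() {
    printf '%s\n' 'password required pam_unix.so' \
        'password required pam_pwhistory.so remember=5'
}

manual_stack | lint_pwhistory && echo "manual example: ok"
constructed_bad_stack | lint_pwhistory || echo "constructed stack: see findings"
```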
FILES
       /etc/security/opasswd
           File with password history

SEE ALSO
       pam.conf(5), pam.d(5), pam(8), pam_get_authtok(3)

AUTHOR
       pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de>

Linux-PAM Manual                   06/04/2011                   PAM_PWHISTORY(8)