Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Ssh enforcement
Top Forums UNIX for Advanced & Expert Users Ssh enforcement Post 302954397 by rbatte1 on Monday 7th of September 2015 12:06:39 PM
Old 09-07-2015
Hello mantis10,

I do not believe that you can force the private key to require a password. The PermitEmptyPasswords no is for the challenge & response access (i.e. user and password keyed in)

I think (but am happy to be corrected) that the ServerKeyBits is for how the server side will generate/use keys (for the client to server traffic rather than authentication and/or server to client traffic), rather than being able to restrict the client access.


Sorry about that, but like I say, I think this is working properly. I would be delighted to be corrected though.



Robin
 

6 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Server wide password enforcement rules? 90 day force change.

Using Solaris 9 and 10. What we want to do is set up global rules for our password files to restrict all users, not only new ones set up with the rules but also the ones that have been sitting on the system for years. Is there a global way to force all users to change their password every 90... (1 Reply)
Discussion started by: LordJezo
1 Replies

2. Shell Programming and Scripting

could not send commands SSH session with Net::SSH::Expect

I am using Net::SSH::Expect to connect to the device(iLO) with SSH. After the $ssh->login() I'm able to view the prompt, but not able to send any coommands. With the putty I can connect to the device and execute the commands without any issues. Here is the sample script my $ssh =... (0 Replies)
Discussion started by: hansini
0 Replies

3. Shell Programming and Scripting

Using ssh to add register key on ssh server

Hi, I want to use ssh to add a register key on remote ssh server. Since there are space characters in my register key string, it always failed. If there is no space characters in the string, it worked fine. The following is what I have tried. It seems that "ssh" command doesn't care about double... (9 Replies)
Discussion started by: leaftree
9 Replies

4. Shell Programming and Scripting

Ssh = ssh expect and keep everything not change include parameter postion

I have write a script which contains ssh -p 12345 dcplatform@10.125.42.50 ssh 127.0.0.1 -p 5555 "$CMD" ssh root@$GUEST_IP "$CMD" before I use public key, it works well, now I want to change to "expect", BUT I don't want to change above code and "parameter position" I can post a... (1 Reply)
Discussion started by: yanglei_fage
1 Replies

5. UNIX for Beginners Questions & Answers

Ssh script to validate ssh connection to multiple serves with status

Hi, I want to validate ssh connection one after one for multiple servers..... password less keys already setup but now i want to validate if ssh is working fine or not... I have .sh script like below and i have servers.txt contains all the list of servers #/bin/bash for host in $(cat... (3 Replies)
Discussion started by: sreeram4
3 Replies

6. Shell Programming and Scripting

Find active SSH servers w/ ssh keys on LAN

Hi, I am trying to complete my bash script in order to find which SSH servers on LAN are still active with the ssh keys, but i am frozen at this step: #!/bin/bash # LAN SSH KEYS DISCOVERY SCRIPT </etc/passwd \ grep /bin/bash | cut -d: -f6 | sudo xargs -i -- sh -c ' && cat... (11 Replies)
Discussion started by: syrius
11 Replies

LEARN ABOUT DEBIAN

lmtptest

LMTPTEST(1)						      General Commands Manual						       LMTPTEST(1)

 *

NAME

       lmtptest - interactive LMTP test program

SYNOPSIS

       lmtptest [ -t keyfile ] [ -p port ] [ -m mechanism ]
		[ -a userid ] [ -u userid ] [ -k num ] [ -l num ]
		[ -r realm ] [ -f file ] [ -n num ] [ -c ]
		[ -i ] [ -o option=value ] [ -v ] hostname

DESCRIPTION

       lmtptest  is  a utility that allows you to authenticate to a LMTP server and interactively issue commands to it. Once authenticated you may
       issue any LMTP command by simply typing it in. It is capable of multiple SASL  authentication  mechanisms  and  handles	encryption  layers
       transparently. This utility is often used for testing the operation of a lmtp server. Also those developing LMTP clients find it useful.

OPTIONS

       -t keyfile
	      Enable  TLS.   keyfile  contains	the  TLS  public and private keys.  Specify "" to negotiate a TLS encryption layer but not use TLS
	      authentication.

       -p port
	      Port to connect to. If left off this defaults to lmtp as defined in /etc/services.

       -m mechanism
	      Force lmtptest to use mechanism for authentication. If not specified the strongest authentication mechanism supported by the  server
	      is chosen.

       -a userid
	      Userid  to use for authentication; defaults to the current user.	This is the userid whose password or credentials will be presented
	      to the server for verification.

       -u userid
	      Userid to use for authorization; defaults to the current user.  This is the userid whose identity will be assumed after  authentica-
	      tion.  NOTE: This is only used with SASL mechanisms that allow proxying (e.g. PLAIN, DIGEST-MD5).

       -k num Minimum protection layer required.

       -l num Maximum  protection  layer to use (0=none; 1=integrity; etc).  For example if you are using the KERBEROS_V4 authentication mechanism
	      specifying 0 will force lmtptest to not use any layer and specifying 1 will force it to use the integrity  layer.   By  default  the
	      maximum supported protection layer will be used.

       -r realm
	      Specify the realm to use. Certain authentication mechanisms (e.g. DIGEST-MD5) may require one to specify the realm.

       -f file
	      Pipe file into connection after authentication.

       -n num Number  of  authentication  attempts;  default  =  1.   The client will attempt to do SSL/TLS session reuse and/or fast reauth (e.g.
	      DIGEST-MD5), if possible.

       -c     Enable challenge prompt callbacks.  This will cause the OTP mechanism to ask for the the one-time password  instead  of  the  secret
	      pass-phrase (library generates the correct response).

       -i     Don't send an initial client response for SASL mechanisms, even if the protocol supports it.

       -o option=value
	      Set the SASL option to value.

       -v     Verbose. Print out more information than usual.

SEE ALSO

       lmtpd(8)

CMU
								   Project Cyrus						       LMTPTEST(1)
All times are GMT -4. The time now is 06:56 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy