I am currently setting up rdiff-backup to use ssh to connect and remotely backup and retrieve data. I am doing so by creating rsa keys for each server and copying the relevant key to the /.ssh folder on the relevant server.
All seems to work well when severs running solaris 8 with ssh 3.6.1 are... (6 Replies)
Hi,
I am running a script from a client machine X which does "SSH" to around 100 other machines in a farm and invokes a local script on each of those machines. Local script localscript.sh on each of those 100 target machines, does some machine specific function like fetch the specific machine's... (1 Reply)
Hi,
I m new to Sun Solaris.
I've only changed the PermitRootLogin from no to yes, so that I can login as root from Window vista by using Putty.exe. Then I can create new users and change password.
Except the above configuration, i have do nothing to my SSH server.
Am I need to generate... (5 Replies)
Hi folks,
What I want to do is to check if there is an instance of running vlc on a remote server, then kill it, and start it again. The code I came up with is:
#!/bin/bash
expectFcn() {
expect -c "
set timeout -1
spawn ssh \"$1@$2\" \"$4\"
match_max 100000
expect {
-re... (2 Replies)
Hi,
I am unable to login into my terminal hosting Solaris 10 and get the below error message
"Server refused to allocate pty
ld.so.1: sh: fatal: libc.so.1: open failed: No such file or directory "
Is there anyways i can get into my machine and what kind of changes are required to be... (7 Replies)
I have a UniVerse database running on a Red Hat EL3 server. If I am on the server console my software can call xpdf giving the name of a target file and it displays very nicely on the console. I have not been able to figure out how to get the display to happen on any of the Windows XP workstations.... (5 Replies)
Hi, It's a Solaris 10 zone. I can ssh to other systems without problems, but can not ssh to it (output attached). I don't think there is a firewall here. /etc/ipf/ipf.conf contains nothing.
What could be the problem cause? Please help. Thank you in advance!
sshclient$ ssh -v thiserver... (1 Reply)
Got a strange problem.
I have 4 Solaris servers all configured the same, Solaris 10 x86 update 10.
When I try to ssh from one Solaris 10 server to another server ssh hangs.
I have an identical server and when I try this everything works fine.
The weird thing is if I am root on the server... (1 Reply)
Hi All,
I want to copy /.ssh/OM.pub file from source to destination.
Here source IP address, username and password is always fixed.
Whereas destination server IP address, password always gets changed.
From destination server :-
I am trying to write a script in which it should log in to... (3 Replies)
hi Gurus,
Have been struggling with this for a while
I have 2 servers , lets say local A and remote B, I need to use both as a part of a pipeline. The folder structure is shared between the two, so I can access the same files and folders from both A and B.
When I try to ssh into B from A,... (15 Replies)
Discussion started by: senhia83
15 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8)PAM_SSH_AGENT_AUTH
This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.
SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
/etc/sudoers:
Defaults env_keep += "SSH_AUTH_SOCK"
This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
/etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
either be local, or forwarded.
Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.
ARGUMENTS
file=<path to authorized_keys>
Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)
allow_user_owned_authorized_keys_file
A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
whenever the expansions %h or ~ are used.
debug
A flag which enables verbose logging
sudo_service_name=<service name you compiled sudo to use>
(when compiled with --enable-sudo-hack)
Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.
This defaults to "sudo".
EXPANSIONS
~ -- same as in shells, a user's Home directory
Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file
%h -- User's Home directory
Automatically enables allow_user_owned_authorized_keys_file
%H -- The short-hostname
%u -- Username
%f -- FQDN
EXAMPLES
in /etc/pam.d/sudo
"auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
The default .ssh/authorized_keys file in a user's home-directory
"auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
Same as above.
"auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not
specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified
allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.
"auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we
have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.
v0.8 2009-08-09 pam_ssh_agent_auth(8)