A non-interactive password/passphrase/key authentication requires full trust of the involved tools.
Openssl/Openssh? Okay, can be trusted. But Google? And do you trust the 2nd factor device?
Hi MIG,
I use the same Google Authentication PAM module which most everyone else uses (on Linux) , and I'm OK with it.
This is a well established PAM lib enabled by adding the following to the end of the /etc/pam.d/sshd file
and then we simply modify the /etc/ssh/sshd_config file as follows:
and then we restart sshd:
and run:
in the user account which sets everything up for the user and we add the details to the Google Authenticator app.
This is well established and well documented on the net.
I was going to use Symantec VIP Access but those libs are not freely available for the server side.
I'm not worried about the integrity of this method.
I am only concerned about how to pass the 2FA token in a cron file for rsync and so I asked if anyone had done the same, as I could not find anyone (on the net) who has passed the 2FA token and the password using rsync in cron.
It's not a big deal, as I can set up a user for only rsync and use pam_succeed_if.so to permit that user account to bypass 2FA, but I was looking for a solution to pass the 2FA token instead of bypassing for a single user on the server as we do with sshpass in this example:
But so far, I cannot find a solution by someone else who has done with this rsync and libpam-google-authentication.
I'm OK with having a special, restricted userid which bypasses 2FA; but I would prefer not to do this and send the 2FA token along with the username and password in the rsync cron script. That's way I asked "has anyone else done this" and posted the rsync example.
OK I have been working on this simple action for a while and I cannot get it to work.
First off im new to the linux command line world. I feel like I am missing something simple.
What I am trying to achieve is that I want this command:
tcpdump -s2000 -w'flowroute-%H%M.pcap' -G900 -W36 &to... (13 Replies)
Hi All,
I have created crontab using following steps-
1) crontab -e
(edited the file with) 0 10 * * 1-5 /home/user01/exercise/cron.sh
2) then saved this file with :wq
3) cron.sh contains the code-
#!/bin/bash
DAY=`date +%a`
mkdir abc_${DAY}
4) done the execut permision... (3 Replies)
I need to "sync" a directory from a prod server to a test server. Rsync is working but it prompts for a password and I'd like to automate the process. The directory on the prod/source server is owned by root, and some subdirectories are only readable by root. On the test/destination servers, I can... (1 Reply)
hi All,
i have implemented Rsync in my source and destination server. while running through command prompt it is working fine:
ksh rsync_bravo_db.ksh usa0300uz1252.apps.mc.xerox.com /uv1402/u207/home/bravodba/bin/rsync-3.0.9/config/mrsx_rsync.cfg
but later on i created a another ksh and... (4 Replies)
Hi Team,
Please help me to set one script in crontab.
I have one script and inside script, its creating one log file for saving ouptut of script. i have to out that script in crontab. When i put the script in cronatab, it executed and log file created but no data in log.
like this i put in... (3 Replies)
Hey guys!
So I decided to set up some basic user authentication on my apache2 server, and I am running into some problems. I followed the documentation provided by apache on their website, but I cant create the password file for some reason. I did a little trouble shooting myself, and found... (40 Replies)
Hi All,
Can anyone tell me how to schedule the dbshell.sh script to run on sunday.
I have scheduled as 1 19 7 * * /home/svr/dbshell.sh. kindly confirm confirm whether coded "7" or it should set to '0'.
unix:$ crontab -l
0 19 6 * * /home/svr/dbemail.sh
1 19 7 * * /home/svr/dbshell.sh (2 Replies)
Dear all,
I noticed in syslog that i receive authentication failure from cron:
Mar 11 23:19:01 s1 CRON28789]: Authentication failure
Mar 11 23:19:01 s1 cron: Authentication failure
Mar 11 23:19:01 s1 cron: Authentication failure
Mar 11 23:19:01 s1 CRON: Authentication failure
Mar 11... (3 Replies)