12-23-2019
sftp's
-b option doesn't seem to cooperate well with
sshpass, which in itself is a security risk. Comments on the net:
Never Use on Production Server, Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
man sshpass:
Quote:
Sshpass runs ssh in a dedicated tty, fooling it into ...
- doesn't sound too secure, does it?
Quote:
-b batchfile
Batch mode reads a series of commands from an input batchfile instead of stdin. Since it lacks user interaction it should be used in conjunction with non-interactive authentication
So - all that boils down to: Consider non-interactive, passwordless authentication.
Quote:
Originally Posted by
mohtashims
@Rudic
..
.
Can you please suggest ?
Did you read my other comments?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
mac 10.4>terminal>linux remote server>ssh login accepted>session closed-why?
AHHHH!!
I have been connecting to the server with the line: ssh userid@website.com
The remote server accepts my password; logs me in with ssh; posts a lovely welcome message AND closes the session. Is this a "term... (0 Replies)
Discussion started by: xprankard
0 Replies
2. Red Hat
Friends,
I have installed Putty in my windows xp pc. I am connecting the RHEL
AS 3 server using putty from my windows xp. My printer is connected to
my windows xp.
Now, i want to print text.txt of RHEL AS 3.0 in my windows xp printer
through putty.
For Example:
my pc ip is 117.23.2.55... (3 Replies)
Discussion started by: sathyguy
3 Replies
3. Windows & DOS: Issues & Discussions
Hello all
is there any free tool like linux tabbed terminal but for windows
im used to work with putty and its great but i wander if there something like putty
but with tabs
thanks (12 Replies)
Discussion started by: umen
12 Replies
4. UNIX for Dummies Questions & Answers
I *think* what I want to do is not only possible but easy, but as a "dummy" :) I can't figure it out. Here's what I have:
Linux (Ubuntu 10.04) laptop that is not in my house, but has an Internet connection.
Linux (Ubuntu 9.04) computer in my house that has unfettered access to the... (6 Replies)
Discussion started by: WesleyC
6 Replies
5. UNIX for Dummies Questions & Answers
Dear all
i am new to linux/debian
i run my application on the computer...during startup in bashrc i wrk wid dis script to invoke startx..i do this above command and it works perfectly...
if && ; then
startx -- -br 1>/dev/null
exit 0
fi
i use winscp for file transfer and putty for... (1 Reply)
Discussion started by: venkat_330
1 Replies
6. Linux
Hi,
i am trying to connect my Putty session on a windows box to a linux SSH, i have generated private and public key pairs using puttygen, i have set the public one to be in an OPENSSH format... and have put this in my authorized_keys file in linux, when i connect i get the following errors:
... (1 Reply)
Discussion started by: Jtyreman
1 Replies
7. UNIX for Dummies Questions & Answers
Hello All,
I am running a script (power shell) from my desktop (Windows). The script needs to sftp a file(using PuTTY psftp.exe ) from my desktop to a server(UNIX server). Then, as a second step, the script needs to move (or copy and delete) this file from one directory on the server (UNIX server)... (3 Replies)
Discussion started by: scampi
3 Replies
8. Shell Programming and Scripting
Hi,
I am triggering a windows exe file using the below command.
ssh user@remoteserver command.exe -option1:xx /option2:yy
This command is working fine from windows command prompt. When I am triggering the same command from ssh I get the error message cant load
Any ideas to deal with... (2 Replies)
Discussion started by: ahmedwaseem2000
2 Replies
9. Solaris
Hi,
I want to run putty.exe in Solaris server.My main aim is to invoke the putty.exe in Solaris server from a web application(.jsp) deployed in the server so that putty terminal should open.
Thanks in advance (11 Replies)
Discussion started by: chaithanyaa
11 Replies
10. UNIX for Beginners Questions & Answers
Hi, totally new to linux base using windows when started learning and using computers.
but i remember that one pc was there , look alike windows desktop, but could not do the task as windows just click and open and view edit etc. But, you could do a little differently even saving in and opening... (8 Replies)
Discussion started by: jraju
8 Replies
LEARN ABOUT DEBIAN
login_duo
LOGIN_DUO(8) BSD System Manager's Manual LOGIN_DUO(8)
NAME
login_duo -- second-factor authentication via Duo login service
SYNOPSIS
login_duo [-d] [-c file] [-h host] [-f user] [command [args...]]
DESCRIPTION
login_duo provides secondary authentication via the Duo authentication service, executing the user's login shell or command only if success-
ful.
The following options are available:
-c Specify an alternate configuration file to load. Default is /etc/duo/login_duo.conf
-d Debug mode; send logs to stderr instead of syslog.
-h Specify the remote IP address for this login (normally taken from the SSH_CONNECTION environment variable, if set).
-f Specify an alternate Duo user to authenticate as.
If login_duo is installed setuid root (the default), these options are only available to the super-user.
After successful Duo authentication, the user's login shell is invoked, or if an alternate command or SSH_ORIGINAL_COMMAND environment vari-
able is specified, it will be executed via the user's shell with a -c option.
CONFIGURATION
The INI-format configuration file must have a ``duo'' section with the following options:
host Duo API host (required).
ikey Duo integration key (required).
skey Duo secret key (required).
groups If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the
space-separated pattern-lists (see PATTERNS below).
failmode On service or configuration errors that prevent Duo authentication, fail ``safe'' (allow access) or ``secure'' (deny access).
Default is ``safe''.
pushinfo Send command to be approved via Duo Push authentication. Default is ``no''.
An example configuration file:
[duo]
host = api-deadbeef.duosecurity.com
ikey = SI9F...53RI
skey = 4MjR...Q2NmRiM2Q1Y
pushinfo = yes
If installed setuid root (the default), login_duo performs Duo authentication as a dedicated privilege separation user, requiring that the
configuration file be owned and readable only by this user.
PATTERNS
A pattern consists of zero or more non-whitespace characters, '*' (a wildcard that matches zero or more characters), or '?' (a wildcard that
matches exactly one character).
A pattern-list is a comma-separated list of patterns. Patterns within pattern-lists may be negated by preceding them with an exclamation mark
('!'). For example, to specify Duo authentication for all users (except those that are also admins), and for guests:
groups = users,!wheel,!*admin guests
EXAMPLES
login_duo can be enabled system-wide by specifying its full path as a ForceCommand in sshd_config(5) to capture any SSH remote login (includ-
ing subsystems, remote commands, and interactive login):
ForceCommand /usr/local/sbin/login_duo
Similarly, a group of administrators could require two-factor authentication for login to a shared root account by specifying login_duo as
the forced command for each public key in ~root/.ssh/authorized_keys:
command="/usr/local/sbin/login_duo -f alice"
ssh-rsa AAAAB2...19Q== alice@example.net
command="/usr/local/sbin/login_duo -f bob"
ssh-dss AAAAC3...51R== bob@example.net
A user without root access could configure their own account to require Duo authentication via the same ~/.ssh/authorized_keys forced command
mechanism and a user-installed (non-setuid) login_duo.
FILES
/etc/duo/login_duo.conf
Default configuration file path
AUTHORS
login_duo was written by Duo Security <duo_unix@duosecurity.com>
NOTES
When used to protect remote SSH access, only interactive sessions support interactive Duo login. For scp(1), sftp(1), rsync(1), and other
ssh(1) remote commands, login_duo automatically tries the user's default out-of-band factor (smartphone push or voice callback) and disables
real-time login progress reporting to provide a clean shell environment.
BSD
September 3, 2010 BSD