03-03-2003
disallowing user/pass authentication in favor of a pure key system?
i finally got my key-pair system working... sort of a makeshift eToken
system. however, i only want to allow this system for system access. i
don't want to allow for the standard user/pass authentication system.
right now i changed the following:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
(i removed the comment and changed it to no).
however, i can still login with my user/pass.
any idea how i can prevent this?
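
Added example, not part of the original post: in OpenSSH, PasswordAuthentication no turns off only the "password" method, and a typed password can still be accepted through keyboard-interactive authentication when PAM is enabled. The sketch below audits the global section of an sshd_config for both paths. It assumes current upstream OpenSSH keyword names and defaults (distributions may ship different ones), and the sample configurations are constructed, not taken from the poster's server.

```python
# Added example: find the ways an sshd_config still accepts a typed password.
# Assumptions: upstream OpenSSH keyword names/defaults; only the global
# section (before any Match block) is examined.

DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "usepam": "no",
}
# ChallengeResponseAuthentication is the older name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the effective values; sshd keeps the first value per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        keyword = parts[0].lower()                 # keywords are case-insensitive
        if keyword == "match":
            break                                  # conditional blocks not handled
        keyword = ALIASES.get(keyword, keyword)
        if keyword in DEFAULTS and len(parts) > 1 and keyword not in seen:
            seen[keyword] = parts[1].lower()
    return {**DEFAULTS, **seen}

def password_paths(config_text):
    """List the authentication methods that can still prompt for a password."""
    s = effective_settings(config_text)
    paths = []
    if s["passwordauthentication"] == "yes":
        paths.append("password")
    if s["kbdinteractiveauthentication"] == "yes" and s["usepam"] == "yes":
        paths.append("keyboard-interactive (PAM)")
    return paths

# Constructed sample: the change from the post, on a host assumed to use PAM.
AS_POSTED = """\
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
UsePAM yes
"""
# Constructed sample: the same file with keyboard-interactive also disabled.
KEY_ONLY = AS_POSTED + "KbdInteractiveAuthentication no\n"

if __name__ == "__main__":
    print("as posted:", password_paths(AS_POSTED))
    print("key only: ", password_paths(KEY_ONLY))
```

On a live host, `sshd -T` prints the effective configuration, and sshd has to be reloaded before an edited sshd_config takes effect.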
keylogin(1) User Commands keylogin(1)
NAME
keylogin - decrypt and store secret key with keyserv
SYNOPSIS
/usr/bin/keylogin [-r]
DESCRIPTION
The keylogin command prompts for a password, and uses it to decrypt the user's secret key. The key may be found in the /etc/publickey file
(see publickey(4)) or the NIS map ``publickey.byname'' or the NIS+ table ``cred.org_dir'' in the user's home domain. The sources and
their lookup order are specified in the /etc/nsswitch.conf file. See nsswitch.conf(4). Once decrypted, the user's secret key is stored by
the local key server process, keyserv(1M). This stored key is used when issuing requests to any secure RPC services, such as NFS or NIS+.
The program keylogout(1) can be used to delete the key stored by keyserv.
keylogin will fail if it cannot get the caller's key, or the password given is incorrect. For a new user or host, a new key can be added
using newkey(1M), nisaddcred(1M), or nisclient(1M).
If multiple authentication mechanisms are configured for the system, each of the configured mechanism's secret key will be decrypted and
stored by keyserv(1M). See nisauthconf(1M) for information on configuring multiple authentication mechanisms.
OPTIONS
-r Update the /etc/.rootkey file. This file holds the unencrypted secret key of the superuser. Only the superuser may use this
option. It is used so that processes running as superuser can issue authenticated requests without requiring that the administrator
explicitly run keylogin as superuser at system startup time. See keyserv(1M). The -r option should be used by the administrator
when the host's entry in the publickey database has changed, and the /etc/.rootkey file has become out-of-date with respect
to the actual key pair stored in the publickey database. The permissions on the /etc/.rootkey file are such that it may be read
and written by the superuser but by no other user on the system.
If multiple authentication mechanisms are configured for the system, each of the configured mechanism's secret keys will be stored
in the /etc/.rootkey file.
FILES
/etc/.rootkey superuser's secret key
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO
chkey(1), keylogout(1), login(1), keyserv(1M), newkey(1M), nisaddcred(1M), nisauthconf(1M), nisclient(1M), nsswitch.conf(4), publickey(4),
attributes(5)
NOTES
NIS+ might not be supported in future releases of the Solaris(TM) Operating Environment. Tools to aid the migration from NIS+ to LDAP are
available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.
SunOS 5.10 10 Dec 2001 keylogin(1)