
Ssh connection

Old Unix and Linux 01-02-2013   -   Original Discussion by maddy26615
maddy26615


I have an ssh connection between two servers for a functional ID for SFTP purposes.

My aim is to set this up so that it only works when the command below is used by a .ksh script.

ssh userid@servername:/directory

Unfortunately, users who have access to the functional ID are manually using the above command and moving files between these two servers. I want to restrict this manual login and activate it only for scripts that contain the above command.

Please advise

Old Unix and Linux 01-02-2013   -   Original Discussion by maddy26615
admin_xor
You have to specify ChrootDirectory in /etc/ssh/sshd_config which will be chroot-ed during an sftp session. You may make this the home directory for the "functional ID" (shared ID I suppose).


Old Unix and Linux 01-02-2013   -   Original Discussion by maddy26615
thmnetwork
So my understanding of your question is that you want to have the passwordless ssh command only work if it's invoked by a particular script?

Really, the only reasonable way I can think to do that is:
1) push the passwordless ability to some other user
2) have that script be invoked via a sudo to that user and only that script.

That would get you to the point where you would do something like:

sudo -iu newUser /path/to/script.ksh

Ultimately, it's about removing the shared account's ability to directly use the public/private key associated with the remote login. Whether that involves pushing the passwordless functionality to a different user and just controlling who can run the script as the newer user (as described above) or leaving it in place and having people use a different shared account, that's what needs to happen.
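
One way to check that the layout described in the reply above actually holds on the server that runs the script, as an added example that is not part of the original posts. It assumes GNU `stat`; the function names, the `xferusers` group and the sudoers rule shown in the comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the layout the reply describes:
# the key lives with a dedicated account and callers reach it only via sudo.
# Assumes GNU coreutils `stat`. A matching sudoers rule (group name
# "xferusers" is hypothetical; the "" forbids extra arguments) would be:
#   %xferusers ALL=(newUser) NOPASSWD: /path/to/script.ksh ""

# perm_ok FILE OWNER MASK
# Succeeds when FILE is owned by OWNER and none of the octal MASK bits are set.
perm_ok() {
    _owner=$(stat -c '%U' -- "$1") || return 2
    _mode=$(stat -c '%a' -- "$1") || return 2
    [ "$_owner" = "$2" ] || return 1
    [ $(( 0$_mode & 0$3 )) -eq 0 ]
}

# audit_key_isolation KEY SCRIPT OWNER
# Prints one line per finding and returns the number of findings.
audit_key_isolation() {
    _findings=0
    # Private key: readable by the dedicated account only.
    if ! perm_ok "$1" "$3" 077; then
        echo "FAIL: $1 must belong to $3 with no group/other access"
        _findings=$((_findings + 1))
    fi
    # Script and its directory: owned by the dedicated account or root and
    # not group/other writable, or callers could swap in their own commands.
    for _target in "$2" "$(dirname -- "$2")"; do
        if ! perm_ok "$_target" "$3" 022 && ! perm_ok "$_target" root 022; then
            echo "FAIL: $_target must belong to $3 or root, not group/other writable"
            _findings=$((_findings + 1))
        fi
    done
    return "$_findings"
}

# Stand-alone use: audit.sh KEY SCRIPT OWNER
if [ "$#" -eq 3 ]; then
    audit_key_isolation "$@"
fi
```

A return value of 0 means the shared account cannot read the key or alter what the sudo rule runs; any other value is the number of findings printed.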