Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Blocking the ssh-keygen command

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Blocking the ssh-keygen command
# 1  
Old 09-24-2010
Blocking the ssh-keygen command
Hi All,
I have a set of 100 servers , where users login through ssh, with a set of around 4-5 users.

We have copied over the public keys to all the servers, for a passwordless authentication.

Is it possible to block the ssh-keygen command for the users , so that the users that login do not change the public and private keys which in turn causes a disruption for other users.

Thanks!
nua7
# 2  
Old 09-24-2010
one way
Code:
chmod 000 ssh-keygen

The users will get an error if they try to run it as well
# 3  
Old 09-24-2010
How could one user change the keys for another user?
# 4  
Old 09-24-2010
Quote:
Originally Posted by achenle
How could one user change the keys for another user?
Good question. If they're sharing keys in some manner, blocking ssh-keygen won't prevent them from modifying the keys by other means.
# 5  
Old 09-24-2010
Depending upon the O/S you could put a filesystem ACL (as opposed to a normal file permission) on the keyfile itself to stop it being overwritten.
# 6  
Old 09-25-2010
Tools
Are you planning to change the keys in the future? You could probably just remove the binary if not (rm `which ssh-keygen`). If you did need to generate new keys you could do so on another machine and scp them to the servers at a future date.

---------- Post updated at 11:30 PM ---------- Previous update was at 11:29 PM ----------
Quote:
Originally Posted by Corona688
Good question. If they're sharing keys in some manner, blocking ssh-keygen won't prevent them from modifying the keys by other means.
..good point!
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Ssh-keygen problems

For some reason, when I try copying my public key to the server, despite it showing as being successful: rob@linux044:~$ ssh-copy-id -i /home/rob/Work/Keys/keys.txt.pub !@#$%.com /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rob/Work/Keys/keys.txt.pub"... (7 Replies)
Discussion started by: Circuits
7 Replies

2. Shell Programming and Scripting

Automate or 1 line command for ssh-keygen -t rsa

I know there's an echo 1 liner command that will do a new line for me, I think same with fdisk too. Dont want to press "enter,enter,enter" just to finish the ssh-keygen -t rsa. Hope you understand what i mean here. Thanks ssh-keygen -t rsa Generating public/private rsa key pair. Enter... (1 Reply)
Discussion started by: invinzin21
1 Replies

3. Shell Programming and Scripting

sftp ssh-keygen

sftp username@host <<EOF lcd /home/dirA cd /home/dirB mput *.txt exit EOF Hi, i have done the keygen-ssh settings but rite now I log through putty I enter my credentials and then when i successfully log in, then I issue the command ssh server name then I again enter into the server but... (1 Reply)
Discussion started by: rahulsxn660
1 Replies

4. UNIX for Dummies Questions & Answers

ssh-keygen error

Hi, I using ssh-keygen for passwordless authenciation firstly and I am following these steps mentioned below... 1) Login to pngpcdb1 using your user/pass 2) type 'bash' (without quotes) 3) ssh-keygen #generates private and public key. 4) copy this private key to the location of your sftp... (1 Reply)
Discussion started by: karan2597
1 Replies

5. UNIX for Dummies Questions & Answers

keygen-ssh

Hi, I was going thruough the password less authentication of keygen-ssh that will help us in generating keys...One thing that is not clear to me that if in nearby future we conncet to remote ftp server in that case now we need to only provide the user id itself that is password would not be... (1 Reply)
Discussion started by: rahul125
1 Replies

6. UNIX for Dummies Questions & Answers

ssh-keygen

Hi, I am new to unix, recently i was exploring password less remote connection to the ftp server and in that I was exploring the ssh-keygen utility, that it generates private & public keys that helps in transmitting files in encrypted format.Could you please explain me in detail about the... (1 Reply)
Discussion started by: rahul125
1 Replies

7. Shell Programming and Scripting

Query regarding ssh keygen

Hi, I have two Unix servers A and B. I have a script in server A. I want to connect to server B from A using ssh only and without giving passwords everytime i connect. I went through other posts regarding this and I generated a public key in server A and copied that in server B. Now when I... (3 Replies)
Discussion started by: mick_000
3 Replies

8. Shell Programming and Scripting

SSH-Keygen script

Hello friends, I wanna to make new script which work as i defined below (1) it connect (using ssh) to remote server (2) remote server having passphrase key with password (3) Generate new passphrase on local machine with random 8 character password. (4) It will atomatically uploaded to... (4 Replies)
Discussion started by: jagnikam
4 Replies

9. UNIX for Advanced & Expert Users

ssh-keygen questions (not working)

I have created the keys and placed the public key in the remote user directory (not the server root). (remote machine: dwebapp1) ex: /home/webarch/user_name/.ssh/authorized_keys2 cannot ssh into the remote machine using the following command: ssh ${dwebapp1} the manned description gives... (10 Replies)
Discussion started by: tekline
10 Replies

10. SuSE

ssh-keygen trust problem

OK, this is the problem. I have 2 machines TestA ( Suse 9.0 ) TestB ( Mandrake 10 ) and one of our guys wants to scp from TestA to TestB without the password prompt appearing. Sounds simple so far.... Ok, I haven't used ssh-keygen before, so I create identical logins to test what I'm doing...... (4 Replies)
Discussion started by: PaulC
4 Replies
Login or Register to Ask a Question