SSH with a nologin account


 
# 1  
Old 08-18-2011
SSH with a nologin account

Is it possible to SSH with an account that has its shell set to /sbin/nologin?

The reason I ask is because I am running an instance of nagios where I need to use SSH keys to run a check, but I am getting connect errors in Nagios. Also, what is the risk I run into if I just simply change my nagios user's shell from nologin to /sbin/bash? Is this not recommended?

Thanks
# 2  
Old 08-18-2011
You can't log in to ssh with an account set to nologin, no. That's kind of the point.

Actually, now that I think of it, you can install a utility called 'scponly', which is a special "shell" which will allow users to log in for scp/sftp but won't permit them to log in to a shell session. This would have the security advantages of nologin, but still let you check keys by logging in with scp.
# 3  
Old 01-12-2012
You can use SSH on nologin account

YES !

You CAN ssh from a nologin account (such as daemon, apache, tomcat, etc.). The only thing you have to do is:
1 - Create a global known_hosts file at /etc/ssh/ssh_known_hosts
2 - Change its permissions to 644. Note: NOT 600. Other people need to read it.
4 - Put the destination host key into this file.
5 - Create an RSA keypair, then add id_rsa.pub to the destination account (if you use a password, try it yourself).
==> you can use ssh to run commands remotely.
I created a PHP page (run by the daemon user on the system) to execute a command by another user on another machine, of course using SSH.
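
A pre-flight check for the client-side setup listed in post #3, added here as an example that is not part of the original thread. The function names and the paths passed as arguments are assumptions; it also flags a trust file that is writable by group or others and a private key that is readable by them, two conditions the post does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the client-side
# setup in post #3. Paths are arguments, so try it on scratch copies first.

# file_mode FILE -> octal permission bits (GNU stat, then BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# has_host FILE HOST -> 0 if a plain host entry in FILE names HOST.
# Hashed entries ("|1|...") are not matched here; ssh-keygen -F HOST -f FILE
# handles those.
has_host() {
    awk -v h="$2" '
        /^[ \t]*(#|@|$)/ { next }   # comments, blanks, @cert-authority/@revoked
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_setup KNOWN_HOSTS HOST PRIVATE_KEY -> prints findings, returns their count
check_setup() {
    kh=$1 host=$2 key=$3 bad=0
    if [ ! -f "$kh" ]; then
        echo "FAIL: $kh does not exist"; bad=$((bad + 1))
    else
        mode=$(file_mode "$kh")
        # Every local account, including the nologin one, must be able to read it
        if [ $((0$mode & 4)) -eq 0 ]; then
            echo "FAIL: $kh (mode $mode) is not world-readable"; bad=$((bad + 1))
        fi
        # A writable trust store lets any local user add a host key of their choice
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "FAIL: $kh (mode $mode) is group/world-writable"; bad=$((bad + 1))
        fi
        has_host "$kh" "$host" || { echo "FAIL: no entry for $host in $kh"; bad=$((bad + 1)); }
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL: $key does not exist"; bad=$((bad + 1))
    elif [ $((0$(file_mode "$key") & 077)) -ne 0 ]; then
        # ssh refuses a private key that group or others can access
        echo "FAIL: $key is accessible to group/others"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage: sh check.sh /etc/ssh/ssh_known_hosts DEST_HOST /path/to/id_rsa
if [ "$#" -eq 3 ]; then check_setup "$@"; fi
```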
 