LinuxQuestions.org
Old 11-01-2008, 10:44 AM   #1
mp1smw
LQ Newbie
 
Registered: Nov 2008
Posts: 2
Thanked: 0
SSH authentication using existing AD tokens


Hi, this question is primarily about integration of authentication with Active Directory, but I want to go past the standard username/password access. On my Windows domain I log in and am given a token (or something similar) which is accepted by all network resources such as proxies and file shares etc. What I want to be able to do is have the same seamless authentication on a Linux box (SUSE or Red Hat Enterprise) and not have to enter my uname/pass again (as the simple LDAP scheme usually requires). In fact really I want this to happen for ssh access for reasons I will bore you with if required and have not seen this done anywhere.
Any ideas out there?

Steve
Old 11-01-2008, 11:17 AM   #2
jschiwal
Moderator
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 12,877
Thanked: 232
You could use public key authentication instead. However, your private key should be protected (on the client) with a passphrase which means typing in the passphrase at least once. If you use public key authentication, and ssh-agent & ssh-add on the client, you only need to enter the passphrase once on the client. The passphrase or decrypted private key shouldn't exist anywhere but in your head.

---
Using username/password challenge authentication is not as secure, but if that is what you want to do, look at enabling PAM authentication. AFAIK, if both the client and server use AD/LDAP authentication then the ChallengeResponse ssh authentication will look to PAM to ok the login. Some distros like SuSE have a wizard in the Users & Groups setup to set this up for you.
Also, enter the terms "linux pam ldap ssh sso" into Google. You will come up with a number of howto pages.

---

I wouldn't recommend this, however. Using password authentication allows brute force attacks. Using public key authentication without a passphrase-protected private key is dangerous if the private key is stolen. (This happened to Red Hat recently.)
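The trade-off in the reply above (password and PAM challenge-response logins versus public keys) can be checked against a server's configuration. This is an added example, not part of either poster's messages: the function names and the sample file are constructed for illustration, and the keyword names are OpenSSH's `sshd_config` options as of the thread's era (newer releases call challenge-response `KbdInteractiveAuthentication`).

```shell
#!/bin/sh
# Added example (not from the thread): report which of the SSH login methods
# discussed above an sshd_config file leaves enabled.

# effective_value FILE KEYWORD DEFAULT
# sshd keywords are case-insensitive and the first occurrence wins.
# Simplification (assumption): parsing stops at the first Match block, and
# Include files are not followed; `sshd -T` gives the authoritative answer.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }                     # accept "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: one line per finding; returns 1 if a password path is open.
# Defaults passed below are OpenSSH's built-in defaults for these keywords.
audit_sshd() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM no)
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    if [ "$pw" = yes ]; then
        echo "WARN password authentication is enabled"; rc=1
    fi
    if [ "$cr" = yes ] && [ "$pam" = yes ]; then
        echo "WARN challenge-response is handed to PAM (password prompt)"; rc=1
    fi
    if [ "$pk" = yes ]; then
        echo "OK public key authentication is enabled"
    else
        echo "WARN public key authentication is disabled"
    fi
    return $rc
}

# Constructed sample: key-only server that still has the PAM prompt open.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication no' 'UsePAM yes' \
    '#ChallengeResponseAuthentication no' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

On the constructed sample the audit flags the challenge-response path, because the commented-out line leaves that keyword at its default while `UsePAM yes` routes the prompt to PAM.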
Old 11-02-2008, 07:43 AM   #3
mp1smw
LQ Newbie
 
Registered: Nov 2008
Posts: 2
Thanked: 0

Original Poster
Thanks for the quick response. It looks like there is some stuff out there I might be able to use, the main tip was searching for SSO in addition to the other words which I had already done.
I guess it will take me another couple of weeks to evaluate and test the many results available but at least I now have a foot in the door.
If I manage to produce a concise set of instructions for achieving this I will add them to this thread.
Thanks,

Steve
All times are GMT -5.