LinuxQuestions.org
09-15-2011, 08:44 AM   #1
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Rep: Reputation: Disabled
SSH


Hi all,
I don't want to allow users to log in to the server using ssh. Instead, I just want to know how a user can execute, through ssh, a shell script which is stored on the server when the ssh user has the /bin/nologin shell.
 
09-15-2011, 09:24 AM   #2
tbrand
Member
 
Registered: Jul 2006
Location: Toronto, Canada
Distribution: gentoo
Posts: 33

Rep: Reputation: 17
Hi loveunix,

One possible method is to prefix the user's public key in the .ssh/authorized_keys file with the command directive. For example, in my subversion accounts, I have added the following prefix to the public keys stored in .ssh/authorized_keys:

Code:
command="svnserve -t -r/home/somedirectory --tunnel-user=someuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQE
 
1 members found this post helpful.
09-15-2011, 01:00 PM   #3
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Original Poster
Rep: Reputation: Disabled
SSH

Thanks for your quick reply.
What is this "AAAAB3NzaC1yc2EAAAABIwAAAQE"? Is this the content of id_rsa.pub, which is stored in the .ssh directory of the user's machine?
I want to run the shell script below, by which users themselves can change their htpasswd password, which is stored in /var/www/local/.auth_users.

Code:
#!/bin/bash
### This shell script is stored under the name htpasswd.sh in the /var/www/ directory ###
HTPASSWD=local/.auth_users
### The local directory is also under /var/www ###
### .auth_users is the file which holds the usernames and passwords ###
die () { echo "$*" >&2 ; exit 1 ; }
read -r -p 'Enter user name: ' USER
read -r -s -p 'Old password: ' OLDPW ; echo
read -r -s -p 'New password: ' NEWPW0 ; echo
read -r -s -p 'Re-type new password: ' NEWPW1 ; echo
# The name is used inside a grep pattern below: refuse regex metacharacters and ':'
[[ "$USER" =~ ^[A-Za-z0-9_-]+$ ]] || die "Password verification error!"
if LINE=$(grep "^$USER:" "$HTPASSWD")
then
    # Split the stored hash into its 2-character salt and the rest
    echo "$LINE" | sed 's/.*:\(..\)\(.\+\)/\1 \2/' | {
        read -r SALT CRYPT
        # Hash the old password with the stored salt and compare with the stored hash
        if [[ "$SALT$CRYPT" = "$(printf '%s\n' "$OLDPW" | mkpasswd -sS "$SALT")" ]] ; then
            if [ "$NEWPW0" != "$NEWPW1" ] ; then
                die "Password verification error!"
            fi
            # Keep every other user's line, then append the new entry for this user
            PWS=$(grep -v "^$USER:" "$HTPASSWD")
            {
                [ -n "$PWS" ] && echo "$PWS"
                echo -n "$USER:"
                printf '%s\n' "$NEWPW0" | mkpasswd -s
            } > "$HTPASSWD"
            echo "Updating password for user $USER."
        else
            die "Password verification error!"
        fi
    }
else
    die "Password verification error!"
fi

I am able to change the htpasswd password which is stored in the .auth_users file via this shell script, and I checked with a browser that it has taken the new password and is working fine. I changed the permission with "chown www-data.www-data local/.auth_users" and "chown www-data.www-data htpasswd.sh". I am running an apache server on ubuntu. I could not understand where I need to create the .ssh/authorized_keys file. Should I create it inside the www-data user's home directory, i.e. inside /var/www?
If yes, how can I add an entry to the /var/www/.ssh/authorized_keys file so that all the users can change their htpasswd password? Could you please guide me with some more examples? And also give me some URL links which show how users can change their password through the browser itself, and what all I need to do for that.


Quote:
Originally Posted by tbrand
Hi loveunix,

One possible method is to prefix the user's public key in the .ssh/authorized_keys file with the command directive. For example, in my subversion accounts, I have added the following prefix to the public keys stored in .ssh/authorized_keys:

Code:
command="svnserve -t -r/home/somedirectory --tunnel-user=someuser",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQE

Last edited by loveulinux; 09-15-2011 at 01:04 PM. Reason: Correction
 
09-15-2011, 01:57 PM   #4
tbrand
Member
 
Registered: Jul 2006
Location: Toronto, Canada
Distribution: gentoo
Posts: 33

Rep: Reputation: 17
The answer to the first question is ``yes''. I'm sorry I did not make it clear in my response: the string that starts with ``ssh-rsa AAAAB3Nz ...'' represents the initial sequence of a user's public key.

The authorized_keys file should be in $HOME/.ssh directory where $HOME represents the home directory of the user id that will be executing the password change script.

Now, your last paragraph confuses me a bit. My understanding of the original question was that you were looking for a way to allow users to execute a specific script using an ssh session without having to obtain a shell session first. In the last paragraph you seem to suggest that you want your script to be executed by the apache server as a response to a browser request. But I may be misinterpreting it. Could you please clarify?
 
1 members found this post helpful.
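
An added example, not part of any post in this thread: a small Python check that parses authorized_keys entries in the format tbrand shows above and reports keys that lack a forced command or the no-* restrictions. The /var/www/htpasswd.sh entry, the key blobs marked CONSTRUCTED and the function names are assumptions made for illustration.

```python
import re
# Restrictions tbrand's entry sets next to command= (option names are case-insensitive).
LOCKDOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_entry(line):
    """Return (options dict, key type) for one authorized_keys line."""
    line = line.strip()
    if KEY_TYPE.match(line):                      # entry has no options field
        return {}, line.split()[0]
    fields, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2             # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch in ", " and not quoted:           # option ends; a space ends the field
            fields.append(buf)
            buf = ""
            if ch == " ":
                break
        else:
            buf += ch
        i += 1
    opts = {f.partition("=")[0].lower(): f.partition("=")[2] for f in fields if f}
    return opts, (line[i:].split() or [""])[0]

def audit(line):
    """List what one key entry is missing; an empty list means it is locked down."""
    opts, key_type = split_entry(line)
    if not KEY_TYPE.match(key_type):
        return ["unparseable entry"]
    findings = [] if opts.get("command") else ["no forced command"]
    if "restrict" not in opts:                    # "restrict" implies all no-* options
        findings += [f"missing {o}" for o in sorted(LOCKDOWN - set(opts))]
    return findings

SAMPLE = [  # first entry is tbrand's (blob truncated as posted); the others are constructed
    'command="svnserve -t -r/home/somedirectory --tunnel-user=someuser",no-port-forwarding,'
    'no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQE',
    'command="/var/www/htpasswd.sh",no-port-forwarding,no-agent-forwarding,'
    'no-X11-forwarding ssh-rsa AAAA_CONSTRUCTED alice@pc',
    'ssh-ed25519 AAAA_CONSTRUCTED bob@pc',
]

if __name__ == "__main__":
    for n, entry in enumerate(SAMPLE, 1):
        print(n, audit(entry) or "ok")
```

sshd runs a command= string through the account's login shell, so it will not execute for an account whose shell is /bin/nologin. The second sample entry leaves out no-pty because the script's read -s -p prompts and echo suppression need a terminal; the check reports that for the operator to accept.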
09-15-2011, 09:20 PM   #5
loveulinux
Member
 
Registered: Aug 2011
Posts: 68

Original Poster
Rep: Reputation: Disabled
SSH

"In the last paragraph you seem to suggest that you want your script to be executed by the apache server as a response to a browser request. But I may be misinterpreting it. Could you please clarify."
I meant to ask whether there is any script which allows users to change their own password after giving their current password, when users point to that script file (cgi, perl, etc.) in the browser.

"The answer to the first question is ``yes''. I'm sorry I did not make it clear in my response: the string that starts with ``ssh-rsa AAAAB3Nz ...'' represents the initial sequence of a user's public key".
Then could you please show me how the entry should look in the /var/www/.ssh/authorized_keys file on the web server? And when a user wants to change his password, should he use the command on his PC as "ssh www-data@webserverIP_address" or "ssh www-data@webserverIP_address 'htpasswd.sh'"? How should he use the ssh command to execute the shell script? I request you to clarify.

"Now, your last paragraph confuses me a bit. My understanding of the original question was that you were looking for a way to allow users to execute a specific script using an ssh session without having to obtain a shell session first".
Yes you are correct.


 
  

