LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   ssh password (http://www.linuxquestions.org/questions/linux-newbie-8/ssh-password-177254/)

ssudhi 05-03-2004 05:24 AM

ssh password
 
I want to bypass the password prompt when I use ssh.

I want a normal user to be able to do

ssh -l root <hostname> <command>. and the prompt for the password should not appear.

Can somebody help ? The hostname is my own local host. So this is primarily me logged in as a non-root user to my host trying to so a task using ssh.

Thanks

ssudhi

jschiwal 05-03-2004 05:37 AM

Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.

For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.

ssudhi 05-03-2004 06:00 AM

Thanks , but I'm not sure if adding users to sudoers would do.

I have a web site which users can access to create accounts for themselves. For this I use a script which calls the useradd command. But the script prompts for the password, unless run as root.

In this case, the user who tries to create an account for (her)himself cannot be root. I posted this question in this very forum, and somebody suggested that I use setuid. But that didn't work too.

Hence I thought using ssh would be a good option. Any thought?

Please helpppppp. Any other approach to solving this would do. The requirement is as follows.

I have a script to add users ( which uses the useradd command). When a non-root user runs it, it fails because non-root users cannot run useradd. I don't want to use su in the script because that would prompt for the root password. Please give me a way out.

ssudhi

dominant 05-03-2004 06:24 AM

Quote:

Originally posted by jschiwal
Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.

For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.

I would like to hear why that it is dangerous, when it's very difficult to recover the SSH2 session.

jschiwal 05-04-2004 05:55 PM

If you allow users to log-in as root, then they have full root powers right from the start. SSH2 will protect a user from snooping, but won't protect you from a malicious user. Also, the first time SSH2 is used, there is the potential of a man-in-the-middle attack, since their public key is not known.

A suid script should work. However, it needs to be bullet-proof, because if a user can crash the script, they would be in a shell with full root rights and could do anything.

You may want to have them supply the user name and password information on the web page, and have an independent service check for the saved information somewhere, and use it to create new accounts.

As an after-thought, the reason a suid script wouldn't run could be that the apache server is running in a chroot jail with a restricted shell, or in a partition mounted with the nosuid option. This would actually be a good thing.

dominant 05-05-2004 02:52 AM

until now SSH2 session cannot be sniffed that is what counts.

You said :

If you allow users to log-in as root, then they have full root powers right from the start

Only one has the root's password :)

jschiwal 05-13-2004 09:30 PM

ssudhl's was thinking of having guests automatically log in a root.

Even if only one person has the root password, It is best for that person to log in under their own account and su to root if need be. If nothing else, the su is logged, and if a system change is made, you can find out who to ask about it.


All times are GMT -5. The time now is 04:43 PM.