Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
05-03-2004, 05:24 AM
|
#1
|
|
LQ Newbie
Registered: Apr 2004
Posts: 6
Rep: 
|
ssh password
I want to bypass the password prompt when I use ssh.
I want a normal user to be able to do
ssh -l root <hostname> <command>. and the prompt for the password should not appear.
Can somebody help ? The hostname is my own local host. So this is primarily me logged in as a non-root user to my host trying to so a task using ssh.
Thanks
ssudhi
|
|
|
|
|
05-03-2004, 05:37 AM
|
#2
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.
For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.
|
|
|
|
|
05-03-2004, 06:00 AM
|
#3
|
|
LQ Newbie
Registered: Apr 2004
Posts: 6
Original Poster
Rep:
|
Thanks , but I'm not sure if adding users to sudoers would do.
I have a web site which users can access to create accounts for themselves. For this I use a script which calls the useradd command. But the script prompts for the password, unless run as root.
In this case, the user who tries to create an account for (her)himself cannot be root. I posted this question in this very forum, and somebody suggested that I use setuid. But that didn't work too.
Hence I thought using ssh would be a good option. Any thought?
Please helpppppp. Any other approach to solving this would do. The requirement is as follows.
I have a script to add users ( which uses the useradd command). When a non-root user runs it, it fails because non-root users cannot run useradd. I don't want to use su in the script because that would prompt for the root password. Please give me a way out.
ssudhi
|
|
|
|
|
05-03-2004, 06:24 AM
|
#4
|
|
Member
Registered: Jan 2004
Posts: 409
Rep: 
|
Quote:
Originally posted by jschiwal
Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.
For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.
|
I would like to hear why that it is dangerous, when it's very difficult to recover the SSH2 session. |
|
|
|
|
05-04-2004, 05:55 PM
|
#5
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
If you allow users to log-in as root, then they have full root powers right from the start. SSH2 will protect a user from snooping, but won't protect you from a malicious user. Also, the first time SSH2 is used, there is the potential of a man-in-the-middle attack, since their public key is not known.
A suid script should work. However, it needs to be bullet-proof, because if a user can crash the script, they would be in a shell with full root rights and could do anything.
You may want to have them supply the user name and password information on the web page, and have an independent service check for the saved information somewhere, and use it to create new accounts.
As an after-thought, the reason a suid script wouldn't run could be that the apache server is running in a chroot jail with a restricted shell, or in a partition mounted with the nosuid option. This would actually be a good thing.
Last edited by jschiwal; 05-04-2004 at 06:01 PM.
|
|
|
|
|
05-05-2004, 02:52 AM
|
#6
|
|
Member
Registered: Jan 2004
Posts: 409
Rep:
|
until now SSH2 session cannot be sniffed that is what counts.
You said :
If you allow users to log-in as root, then they have full root powers right from the start
Only one has the root's password  |
|
|
|
|
05-13-2004, 09:30 PM
|
#7
|
|
Moderator
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
ssudhl's was thinking of having guests automatically log in a root.
Even if only one person has the root password, It is best for that person to log in under their own account and su to root if need be. If nothing else, the su is logged, and if a system change is made, you can find out who to ask about it.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 09:18 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
