LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-03-2004, 06:24 AM   #1
ssudhi
LQ Newbie
 
Registered: Apr 2004
Posts: 6

Rep: Reputation: 0
ssh password


I want to bypass the password prompt when I use ssh.

I want a normal user to be able to do

ssh -l root <hostname> <command>. and the prompt for the password should not appear.

Can somebody help ? The hostname is my own local host. So this is primarily me logged in as a non-root user to my host trying to so a task using ssh.

Thanks

ssudhi
 
Old 05-03-2004, 06:37 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.

For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.
 
Old 05-03-2004, 07:00 AM   #3
ssudhi
LQ Newbie
 
Registered: Apr 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks , but I'm not sure if adding users to sudoers would do.

I have a web site which users can access to create accounts for themselves. For this I use a script which calls the useradd command. But the script prompts for the password, unless run as root.

In this case, the user who tries to create an account for (her)himself cannot be root. I posted this question in this very forum, and somebody suggested that I use setuid. But that didn't work too.

Hence I thought using ssh would be a good option. Any thought?

Please helpppppp. Any other approach to solving this would do. The requirement is as follows.

I have a script to add users ( which uses the useradd command). When a non-root user runs it, it fails because non-root users cannot run useradd. I don't want to use su in the script because that would prompt for the root password. Please give me a way out.

ssudhi
 
Old 05-03-2004, 07:24 AM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
Quote:
Originally posted by jschiwal
Allowing logins as root may not be a good idea. You may want to setup sudo instead, or have the users su to root after connecting.

For ssh2, add the users public key in the ~/.ssh/authorized_keys2 file.
I would like to hear why that it is dangerous, when it's very difficult to recover the SSH2 session.
 
Old 05-04-2004, 06:55 PM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
If you allow users to log-in as root, then they have full root powers right from the start. SSH2 will protect a user from snooping, but won't protect you from a malicious user. Also, the first time SSH2 is used, there is the potential of a man-in-the-middle attack, since their public key is not known.

A suid script should work. However, it needs to be bullet-proof, because if a user can crash the script, they would be in a shell with full root rights and could do anything.

You may want to have them supply the user name and password information on the web page, and have an independent service check for the saved information somewhere, and use it to create new accounts.

As an after-thought, the reason a suid script wouldn't run could be that the apache server is running in a chroot jail with a restricted shell, or in a partition mounted with the nosuid option. This would actually be a good thing.

Last edited by jschiwal; 05-04-2004 at 07:01 PM.
 
Old 05-05-2004, 03:52 AM   #6
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
until now SSH2 session cannot be sniffed that is what counts.

You said :

If you allow users to log-in as root, then they have full root powers right from the start

Only one has the root's password
 
Old 05-13-2004, 10:30 PM   #7
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655Reputation: 655
ssudhl's was thinking of having guests automatically log in a root.

Even if only one person has the root password, It is best for that person to log in under their own account and su to root if need be. If nothing else, the su is logged, and if a system change is made, you can find out who to ask about it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH without password Ephracis Linux - Security 4 02-25-2005 03:30 PM
SSH without password hywaydave Linux - Security 3 02-02-2005 04:40 AM
can't do password less ssh nedian123 Linux - Networking 2 06-26-2004 04:33 PM
SSH without password Kocil Linux - Networking 6 12-16-2003 03:59 PM
password less SSH maaand Linux - Networking 0 04-23-2002 09:13 PM


All times are GMT -5. The time now is 11:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration