LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-13-2004, 04:59 PM   #1
wellard1981
LQ Newbie
 
Registered: Apr 2004
Posts: 2

Rep: Reputation: 0
Question Authentication to SSH via MySQL


Is it possible to use a MySQL database to authenticate SSH connections to a linux SSHD server?

I've seen the pam module pam_mysql, and sort of have an idea how it works, but I was just wondering if anyone else has implemented something like it and to find out how it went?
 
Old 04-15-2004, 04:33 PM   #2
nex6
Member
 
Registered: Apr 2004
Distribution: Ubuntu;Debain;Redhat
Posts: 46

Rep: Reputation: 16
ssh is authencated from the OS, altho you can add group access control to sshd,

and then just add users you want to have access to ssh to that group.


-Nex6
 
Old 04-17-2004, 05:16 AM   #3
wellard1981
LQ Newbie
 
Registered: Apr 2004
Posts: 2

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by nex6
ssh is authencated from the OS, altho you can add group access control to sshd,

and then just add users you want to have access to ssh to that group.


-Nex6
I don't think you understood the question.

SSH uses PAM to enable it to authenticate users using /etc/passwd and/or /etc/shadow. I want to be able to authenticate people to SSH using a MySQL database/table, where everyones username/password/account details are stored in it, hence the pam_mysql module.

Any other advice welcomed

Cheers,
Wellard.
 
Old 04-17-2004, 01:03 PM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
If this is practicable, then you need to copy all the username/passwords to a mysql table.
 
Old 04-21-2004, 09:14 AM   #5
yocompia
Member
 
Registered: Apr 2003
Location: Chicago, IL
Distribution: openbsd 3.6, slackware 10.0
Posts: 244

Rep: Reputation: 30
make sure you hash your data that's sitting in the MySQL database.

isn't this engineering a serious hole into your security model? i'd imagine it's much easier to brute-force into a MySQL database than it is to exploit an sshd overflow or jack password files.

if this is to give users that register accounts with a webpage a shell access, then i understand what you're up to, but otherwise i'd just stick to giving people shell accounts with "default" passwords (email them with login/pass and tell them to change the default password).

just some thoughts.
 
Old 04-21-2004, 09:30 AM   #6
mgor
LQ Newbie
 
Registered: Apr 2004
Posts: 2

Rep: Reputation: 0
when logging in via ssh, the ssh daemon checks some files in ~/, so it can
be done if the user already have a valid home directory.

check out the pam-mysql module.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Authentication Problem mjanveaux Linux - Security 3 12-02-2005 05:16 PM
SSH authentication blmack44 Linux - Security 1 12-31-2004 02:13 PM
SSH Authentication Help kalikoder Linux - Networking 2 07-16-2003 02:10 PM
certificate authentication for ssh cuss Linux - Security 1 12-16-2002 09:48 AM
SSH Authentication problem centaur Linux - Networking 1 08-30-2001 05:28 PM


All times are GMT -5. The time now is 11:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration