LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   host based authentication using ssh with different users on the server (http://www.linuxquestions.org/questions/linux-security-4/host-based-authentication-using-ssh-with-different-users-on-the-server-563283/)

powah 06-20-2007 04:39 PM

host based authentication using ssh with different users on the server
 
Is it possible for host based authentication using ssh with different users on the server?
e.g. server has users john and powah.
Is it possible to setup host based authentication using ssh so that password is required when login as john but no password is required when login as powah?

acid_kewpie 06-20-2007 05:09 PM

preshared keys typically establish a security association between a local user account and a remote user account. so it's at a user level that a password can be bypassed. does that not generally cover the level you're after or are you looking at being able to log in from anywhere without a password? please say no...

powah 06-20-2007 05:53 PM

Quote:

Originally Posted by acid_kewpie
preshared keys typically establish a security association between a local user account and a remote user account. so it's at a user level that a password can be bypassed. does that not generally cover the level you're after or are you looking at being able to log in from anywhere without a password? please say no...

I want:
# ssh john@server
prompt for password

# ssh powah@server
no prompt for password

I want to find out whether host based authentication (using ~/.ssh/authorized_keys) can do that.

SlacUser 06-20-2007 05:57 PM

Why do you want to do that??

I don't think the no password prompt is a good idea. It will leave your system vulnerable and accessible without any restriction

powah 06-20-2007 08:58 PM

Quote:

Originally Posted by SlacUser
Why do you want to do that??

I don't think the no password prompt is a good idea. It will leave your system vulnerable and accessible without any restriction

To clarify:
I want the server to prompt or not prompt for the password depending
on the user and client.
How to do that?
Can host based authentication (using ~/.ssh/authorized_keys, etc) do
that?
e.g.
from a known client,
# ssh john@server
prompt for password

# ssh powah@server
no prompt for password

from an unknown client,
# ssh john@server
prompt for password

# ssh powah@server
prompt for password

acid_kewpie 06-21-2007 02:54 AM

i've already told you that that's possible. next step is for you to read documenation about ssh pre shared keys, like the tutorial in our tutorials subsite.


All times are GMT -5. The time now is 12:30 AM.