LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-20-2007, 03:39 PM   #1
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Rep: Reputation: 30
host based authentication using ssh with different users on the server


Is it possible for host based authentication using ssh with different users on the server?
e.g. server has users john and powah.
Is it possible to setup host based authentication using ssh so that password is required when login as john but no password is required when login as powah?

Last edited by powah; 06-20-2007 at 03:45 PM.
 
Old 06-20-2007, 04:09 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
preshared keys typically establish a security association between a local user account and a remote user account. so it's at a user level that a password can be bypassed. does that not generally cover the level you're after or are you looking at being able to log in from anywhere without a password? please say no...
 
Old 06-20-2007, 04:53 PM   #3
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie
preshared keys typically establish a security association between a local user account and a remote user account. so it's at a user level that a password can be bypassed. does that not generally cover the level you're after or are you looking at being able to log in from anywhere without a password? please say no...
I want:
# ssh john@server
prompt for password

# ssh powah@server
no prompt for password

I want to find out whether host based authentication (using ~/.ssh/authorized_keys) can do that.
 
Old 06-20-2007, 04:57 PM   #4
SlacUser
Member
 
Registered: Apr 2007
Location: México
Distribution: Slackware, Fedora
Posts: 61

Rep: Reputation: 15
Why do you want to do that??

I don't think the no password prompt is a good idea. It will leave your system vulnerable and accessible without any restriction
 
Old 06-20-2007, 07:58 PM   #5
powah
Member
 
Registered: Mar 2005
Distribution: FC, Gentoo
Posts: 276

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by SlacUser
Why do you want to do that??

I don't think the no password prompt is a good idea. It will leave your system vulnerable and accessible without any restriction
To clarify:
I want the server to prompt or not prompt for the password depending
on the user and client.
How to do that?
Can host based authentication (using ~/.ssh/authorized_keys, etc) do
that?
e.g.
from a known client,
# ssh john@server
prompt for password

# ssh powah@server
no prompt for password

from an unknown client,
# ssh john@server
prompt for password

# ssh powah@server
prompt for password

Last edited by powah; 06-20-2007 at 10:34 PM.
 
Old 06-21-2007, 01:54 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
i've already told you that that's possible. next step is for you to read documenation about ssh pre shared keys, like the tutorial in our tutorials subsite.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
users authentication with Fedora Directory Server guy_ripper Linux - Networking 0 11-21-2006 11:06 AM
LXer: Securing Your Server With A Host-based Intrusion Detection System LXer Syndicated Linux News 0 09-20-2006 03:54 PM
LXer: PAM configuration to limit who can use SSH Server based on a list of users LXer Syndicated Linux News 0 07-31-2006 12:36 AM
ssh host authentication bujecas Linux - Security 3 06-22-2006 09:06 AM
User based Authentication in Squid instead of Terminal based. TSK2000 Linux - Software 1 12-30-2005 02:22 AM


All times are GMT -5. The time now is 01:34 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration