I have a RHEL4 system using SecurID two-factor authentication via a PAM module. This works fine, but I need to allow some key-based authentication for some automated logins (scripts moving stuff around, etc). The SecurID module has the ability to except logins or groups from the two-factor authentication, but it only knows how to pass the process on to local password authentication. I'd like to avoid running another instance of sshd, if possible. Anyone got this type of setup working before?
Surely the existence of SSH keys in the system prevents the PAM calls in the first place? If you do an ssh -v you'll see that (if permitted to) it first offers relevant RSA / DSA keys to the server, and only if that fails does it then move on to password authentication, which is presumably when your SecurID token is passed to a back end.
Um, never mind. Upon closer inspection, it turns out that the vendor's install script that created the SSH keys didn't configure them properly. Once I fixed that, everything works fine.
D'oh! I guess that's a reminder to never assume the vendor did what they say they did without verifying it yourself.
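Added example, not part of the thread: a small shell filter for the `ssh -v` check suggested in the reply above. It reports whether a login finished on the key or fell through to a later method such as the PAM prompt. The function names, paths and sample debug lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise `ssh -v` client debug output read from stdin.
# Prints: result=<publickey|fallback:METHOD|none> offered=<N> tried=<methods>
ssh_auth_summary() {
    awk '
        BEGIN { offered = 0; tried = ""; ok = "" }
        # Each key the client presents to the server
        /^debug1: Offering public key:/ { offered++ }
        # Order in which the client moved through methods
        /^debug1: Next authentication method:/ {
            tried = tried (tried ? "," : "") $NF
        }
        # The method that finally let the session in
        /^debug1: Authentication succeeded \(/ {
            ok = $0
            sub(/^.*\(/, "", ok)
            sub(/\).*$/, "", ok)
        }
        END {
            if (ok == "")               r = "none"
            else if (ok == "publickey") r = "publickey"
            else                        r = "fallback:" ok
            print "result=" r " offered=" offered " tried=" tried
        }'
}

# Constructed sample: the key is accepted, so PAM is never consulted.
sample_key_ok() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/batch/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
EOF
}

# Constructed sample: the key is offered but rejected; login ends on the PAM prompt.
sample_fallback() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/batch/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentication succeeded (keyboard-interactive).
EOF
}
```

Against a real host, the debug output is on stderr, so pipe it with `ssh -v host true 2>&1 | ssh_auth_summary`.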