LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-12-2015, 08:30 AM   #16
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513

Looks like the user doesn't exist on that system.

You still are not following directions either.

You can't login using "user1@ip_address1"

again. Try
Code:
echo "$passvar" | ssh -p 44 $i "sudo su - 'passwd --stdin $uservar'"
And have a valid user name in $uservar.

Also use code blocks to prevent misformatting.

One last thing.. if the file ip.txt has "ip_address1" it won't work unless that is the host name for the server.

And I did make a mistake here. Sorry: I left out the -c option to su, that line should be:

Code:
echo "$passvar" | ssh -p 44 $i "sudo su - -c 'passwd --stdin $uservar'"

Last edited by jpollard; 06-12-2015 at 08:39 AM.
 
Old 06-12-2015, 08:44 AM   #17
Revenge7
Member
 
Registered: Mar 2015
Posts: 38

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
Looks like the user doesn't exist on that system.

You still are not following directions either.

You can't login using "user1@ip_address1"

again. Try
Code:
echo "$passvar" | ssh -p 44 $i "sudo su - 'passwd --stdin $uservar'"
And have a valid user name in $uservar.

Also use code blocks to prevent misformatting.
User exists on system. I did what you said and then it asks for root's password (as I said it before). This is not a solution for my script. I connected to remote server with user1@ip_address1 by key authentication without entering any password. What I want to do is connect the remote server by determined user (user whose password will be changed) and then becoming root with sudo su - to finally use passwd to change related user's password on all servers listed in txt file, respectively.

ps: It is not allowed to change PermitRootLogin to yes, again I said it before.

Last edited by Revenge7; 06-12-2015 at 08:46 AM.
 
Old 06-12-2015, 09:12 AM   #18
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
Quote:
Originally Posted by Revenge7 View Post
User exists on system. I did what you said and then it asks for root's password (as I said it before). This is not a solution for my script. I connected to remote server with user1@ip_address1 by key authentication without entering any password. What I want to do is connect the remote server by determined user (user whose password will be changed) and then becoming root with sudo su - to finally use passwd to change related user's password on all servers listed in txt file, respectively.

ps: It is not allowed to change PermitRootLogin to yes, again I said it before.
Do you realize that if you have all the users credentials there is no security?

do you realize that if ANY USER on the server can use "sudo su -", then there is NO SECURITY?

Root doesn't have to login. YOU DO.
sudo should be configure to ONLY ALLOW YOU (or other admins) to use "su -".

You cannot login as the user (which $uservar is) and the use sudo su - (if you can, as I said, you have NO SECURITY).

Last edited by jpollard; 06-12-2015 at 09:16 AM.
 
Old 06-16-2015, 06:06 AM   #19
Revenge7
Member
 
Registered: Mar 2015
Posts: 38

Original Poster
Rep: Reputation: Disabled
Unhappy

Quote:
Originally Posted by jpollard View Post
Do you realize that if you have all the users credentials there is no security?

do you realize that if ANY USER on the server can use "sudo su -", then there is NO SECURITY?

Root doesn't have to login. YOU DO.
sudo should be configure to ONLY ALLOW YOU (or other admins) to use "su -".

You cannot login as the user (which $uservar is) and the use sudo su - (if you can, as I said, you have NO SECURITY).
Normally, users defined on admins group ($uservar is one of them) can use sudo su -, not any user. Still, I have not solved problem
 
Old 06-16-2015, 08:23 AM   #20
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513Reputation: 1513
All I can say is that the commands I gave work here.

And you still have a problem with having collected all the keys from your admins - they can trivially delete them without even trying hard. After all, the accounts own the list of keys, and they own the directory the file is in.

I could see using "ssh youraccount@host ..." and not using the users account. That way you aren't depending on the user to be "nice".

With all the complexity it seems your site would do better to use Kerberos for user authentication. That would eliminate having to distribute passwords in an inherently less secure way as there are no passwords used for user authentication, and a centralized password control... But that would depend on how many systems you have. If only 4, it could be considered a bit of overkill, but could also be used as a "future expansion planning" feature.

Last edited by jpollard; 06-16-2015 at 08:26 AM.
 
Old 06-17-2015, 08:33 AM   #21
Revenge7
Member
 
Registered: Mar 2015
Posts: 38

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
All I can say is that the commands I gave work here.

And you still have a problem with having collected all the keys from your admins - they can trivially delete them without even trying hard. After all, the accounts own the list of keys, and they own the directory the file is in.

I could see using "ssh youraccount@host ..." and not using the users account. That way you aren't depending on the user to be "nice".

With all the complexity it seems your site would do better to use Kerberos for user authentication. That would eliminate having to distribute passwords in an inherently less secure way as there are no passwords used for user authentication, and a centralized password control... But that would depend on how many systems you have. If only 4, it could be considered a bit of overkill, but could also be used as a "future expansion planning" feature.
We decided to set up Kerberos to servers, too. Thank you for your helps .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
please help to fix the bash command not found error in tinyos mahewish Linux - Newbie 6 09-26-2012 06:52 AM
[SOLVED] command not found error when running my bash script thras0 Programming 3 07-28-2012 02:43 PM
[SOLVED] Centos 5 Error :- -bash: yum: command not found sachinsud Linux - Server 56 06-21-2012 07:41 PM
When logging into Xserver I get a bash command not found error. AaronKillingsworth Slackware 3 12-29-2009 10:20 PM
bash: command not found error ksgill Linux - Newbie 10 07-01-2003 03:47 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration