check whether account exists in a linux machine without authenticating into that machine

rameshkarthik · 02-25-2016, 06:25 AM

Hi All,

This is my first post after a very long time.

I am in a situation where i am using putty or mobaxterm. I need a way to know whether an account on a particular linux machine but I cannot authenticate into that machine.

If somebody has alredy raised this query please point me to that thread.

sorry if this question is silly.

Regards,
K.Ramesh Karthik.

cliffordw · 02-25-2016, 10:46 AM

Hi there,

Disclosing that information weakens the security of the system, as it makes brute force login attacks easier. Without this info, an attacker needs to guess both the username and password, while with it she only needs to guess the password. I have not seen any system that discloses this by default in MANY years, so if there is a way, it's most likely only because someone deliberately enabled it. Examples of such tools include finger, telnet, and some FTP versions.

Regards,

Clifford

hydrurga · 02-25-2016, 10:55 AM

Why can't you authenticate into the machine?

rameshkarthik · 02-26-2016, 03:58 AM

I am using some privileged id management tool and I need to onboard an account into that tool. So before an account gets onboarded I need a way to check of its present in the target linux system.

The linux system is currently handled by the some other team. I need to wait 2 days to get a response from the team each time. Also regularly the linux admin team will offboard certain servers or account within those servers. So if there is a way where I can check whether an account is present in the target linux machine each time before making any change to the account that would help me immensely

Regards,
K.Ramesh Karthik.

cliffordw · 02-26-2016, 04:11 AM

The best approach might be to ask them to give you an account of your own on each of these servers, then you can write a script to SSH into it and look in /etc/passwd whether the account exists.