08-23-2017, 09:55 AM
|
#1
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Rep:
|
Re-generate ssh keys when password is changed for Service Accounts?
Have a Bash script where a service account uses scp to move files from a server to a logging server without logging in via ssh keys.
Recently had to change the password on the service account due to password policies, however the script stopped working.
Did some troubleshooting and re-generated the ssh keys and then it worked again.
I didn't find any info online, however if I change the password for accounts that are tied to ssh keys/scripts, will we have to generate ssh keys each time this is done?
thanks
|
|
|
08-23-2017, 10:10 AM
|
#2
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,894
|
I thought ssh keys were system to system and had nothing to do with the actual user on the system. However maybe I'm incorrect and they are a combination of user@system-name-or-address. Meanwhile I don't see how this is tied to the password for the user account.
Except that you have to type the password, even the newer one, however I do not feel it requires generation of new keys.
Testing this on my system now...
Last edited by rtmistler; 08-23-2017 at 10:18 AM.
|
|
|
08-23-2017, 10:16 AM
|
#3
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,894
|
I had to create keys to ssh to my system Mint 18.1 running OpenSSH 7.2p2 the first time I connected.
I disconnected, changed my password and when I reconnected, it just allowed me to type the new password and didn't require me to generate new keys.
I wonder if the IP address of your client changed and this is the reason for the need for new keys.
Meanwhile, same thought there which is that if you have the keys using hostnames and the hostname is the same ...
Last edited by rtmistler; 08-23-2017 at 10:19 AM.
|
|
|
08-23-2017, 10:17 AM
|
#4
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,504
|
ssh keys are independent of passwords, however from the information from the OP we have no idea how exactly the scp script is authenticating so it's difficult to say what the actual issue is.
Things that came to mind are that there could be a passphrase on the private key or that there's something making use of ssh-agent to provide authentication.
|
|
|
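The two possibilities raised in post #4 (a passphrase on the private key, or reliance on ssh-agent) can be checked locally on the sending server before touching the keys. The script below is an added example, not part of the thread: `key_preflight` and `key_is_encrypted` are hypothetical names, it assumes Linux (`stat -c`, `base64 -d`), and the key path is whatever the script passes to `scp -i`.

```shell
#!/bin/sh
# Added example: local pre-flight for the private key used by an unattended scp job.
# Run it as the service account, e.g.:  sh key_preflight.sh ~/.ssh/id_rsa

key_is_encrypted() {
    # Legacy PEM and PKCS#8 keys mark encryption in plain text.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1" && return 0
    # New-format keys: after the 15-byte magic "openssh-key-v1\0" comes the cipher
    # name as a length-prefixed string; length 4 + "none" means no passphrase.
    # (Equivalent check where ssh-keygen is installed: ssh-keygen -y -P '' -f KEY)
    if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"; then
        hdr=$(grep -v '^-----' "$1" | tr -d '\r\n' | base64 -d 2>/dev/null |
              head -c 23 | tail -c 8 | od -An -tx1 | tr -d ' \n')
        [ "$hdr" != "000000046e6f6e65" ] && return 0
    fi
    return 1
}

key_preflight() {
    key=$1
    rc=0
    [ -r "$key" ] || { echo "MISSING: $key is not readable by $(id -un)"; return 1; }
    # The ssh client ignores a private key that group or others can access.
    mode=$(stat -c %a "$key")
    case $mode in
        ?00) ;;
        *) echo "PERMS: $key is mode $mode, ssh will ignore it (use 600)"; rc=1 ;;
    esac
    if key_is_encrypted "$key"; then
        if [ -n "${SSH_AUTH_SOCK:-}" ]; then
            # Works only while that agent is running and holds the key.
            echo "AGENT: key has a passphrase; the job depends on ssh-agent at $SSH_AUTH_SOCK"
        else
            echo "PASSPHRASE: key has a passphrase and no ssh-agent is set; batch scp cannot use it"
            rc=1
        fi
    else
        echo "OK: key has no passphrase"
    fi
    return $rc
}

if [ $# -gt 0 ]; then key_preflight "$1"; fi
```

An `AGENT` finding means the job only works while an ssh-agent holding the key is running in that session, which would not survive a reboot or a service restart.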
08-23-2017, 01:19 PM
|
#5
|
LQ Guru
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195
|
I can confirm that ssh (and friends like rsync and scp) must continue to work with public/private key authentication, regardless of password set.
That is the point of key authentication. If I want access to a system without password exchange between me and the remote administrator, he creates a new user account for me with an unknown password. I send the public key. He places it in ~/.ssh/authorized_keys. And I try to avoid changing my public key ever, unless I fear my private key is compromised.
After that, I log in without a password and change my password. Logins after that continue as before.
I can't possibly imagine what could cause the key authentication to stop working if only the password has changed. I do not have experience with passphrases.
It might be worth re-testing this. It is a nuisance to re-create and distribute keys.
jlinkels
|
|
|
09-05-2017, 09:17 PM
|
#6
|
Senior Member
Registered: Jan 2004
Posts: 1,420
Original Poster
Rep:
|
We suffered from a SAN failure (both controllers failed) and are still in the process of cleanup. I'm guessing this is part of the cleanup, as I wouldn't think that ssh keys would fail when setting a password for a service account that expires every 365 days.
thanks
Quote:
Originally Posted by jlinkels
I can confirm that ssh (and friends like rsync and scp) must continue to work with public/private key authentication, regardless of password set.