LinuxQuestions.org
Old 08-23-2017, 09:55 AM   #1
JockVSJock
Re-generate ssh keys when password is changed for Service Accounts?


Have a Bash script where a service account uses scp to move files from a server to a logging server without logging in via ssh keys.

Recently had to change the password on the service account due to password policies, however the script stopped working.

Did some troubleshooting and re-generated the ssh keys and then it worked again.

I didn't find any info online, however if I change the password for accounts that are tied to ssh keys/scripts, will we have to generate ssh keys each time this is done?

thanks
 
Old 08-23-2017, 10:10 AM   #2
rtmistler
I thought ssh keys were system to system and had nothing to do with the actual user on the system. However maybe I'm incorrect and they are a combination of user@system-name-or-address. Meanwhile I don't see how this is tied to the password for the user account.

Except that you have to type the password, even the newer one, however I do not feel it requires generation of new keys.

Testing this on my system now...

Last edited by rtmistler; 08-23-2017 at 10:18 AM.
 
Old 08-23-2017, 10:16 AM   #3
rtmistler
I had to create keys to ssh to my system Mint 18.1 running OpenSSH 7.2p2 the first time I connected.

I disconnected, changed my password and when I reconnected, it just allowed me to type the new password and didn't require me to generate new keys.

I wonder if the IP address of your client changed and this is the reason for the need for new keys.

Meanwhile, same thought there which is that if you have the keys using hostnames and the hostname is the same ...

Last edited by rtmistler; 08-23-2017 at 10:19 AM.
 
Old 08-23-2017, 10:17 AM   #4
TenTenths
ssh keys are independent of passwords, however from the information from the OP we have no idea how exactly the scp script is authenticating so it's difficult to say what the actual issue is.

Things that came to mind are that there could be a passphrase on the private key or that there's something making use of ssh-agent to provide authentication.
 
Old 08-23-2017, 01:19 PM   #5
jlinkels
I can confirm that ssh (and friends like rsync and scp) must continue to work with public/private key authentication, regardless of password set.

That is the point of key authentication. If I want access to a system without password exchange between me and the remote administrator, he creates a new user account for me with an unknown password. I send the public key. He places it in ~/.ssh/authorized_keys. And I try to avoid changing my public key ever, unless I fear my private key is compromised.

After that, I log in without a password and change my password. Logins after that continue as before.

I can't possibly imagine what could cause the key authentication to stop working if only the password has changed. I do not have experience with passphrases.

It might be worth re-testing this. It is a nuisance to re-create and distribute keys.

jlinkels
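
The points raised in posts #4 and #5 (public key present in ~/.ssh/authorized_keys, a possible passphrase on the private key) can be checked with a few shell functions. This is an added example, not part of any post in this thread; the function names and the user@host target are assumptions, and the permission check reflects sshd's StrictModes behaviour.

```shell
#!/bin/sh
# Added example: local checks for a key-based scp/ssh service account.

# True if $1 is writable by group or others (sshd's StrictModes rejects this).
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Check the paths sshd inspects on the server. $1 = account's home directory.
strict_modes_ok() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1
        elif loose "$p"; then echo "group/world-writable: $p"; rc=1
        fi
    done
    return "$rc"
}

# True if the key blob in public key file $1 appears in authorized_keys file $2.
# Scans every field because a line may start with options such as command="...".
key_authorized() {
    blob=$(awk 'NR == 1 { print $2 }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# True if private key $1 can be read with an empty passphrase (needs ssh-keygen).
key_has_no_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Log in the way an unattended script does: public key only, never prompt.
# $1 = user@host (hypothetical target), $2 = private key file.
pubkey_only_login() {
    ssh -i "$2" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PreferredAuthentications=publickey "$1" true
}
```

Run `strict_modes_ok` and `key_authorized` on the logging server and the other two functions on the sending host. If all of them pass and the login still fails, the sshd log on the server and the account's aging settings (`chage -l`) are the next places to look, since account checks still apply to key logins.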
 
Old 09-05-2017, 09:17 PM   #6
JockVSJock
Original Poster
We suffered from a SAN failure (both controllers failed) and are still in the process of cleanup. I'm guessing this is part of the cleanup, as I wouldn't think that ssh keys would fail when setting a password for a service account that expires every 365 days.

thanks

Quote:
Originally Posted by jlinkels
I can confirm that ssh (and friends like rsync and scp) must continue to work with public/private key authentication, regardless of password set.
 
  

