release all user to ssh without password
I use the ssh-keygen -t rsa to release user to connect another server without input password , but it seems only release to a specific user , can advise if I want all user can login a specific a/c in remote server without input password , what can i do ? thx
|
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite quick, or run the ssh-keygen & ssh-copy-id part for every one of them (much better and cleaner - somewhat more work). Cheers, Tink |
Quote:
I really want to do that , but I am not understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx |
Quote:
Evo2. PS. This is the same as the second option presented by Tinkster |
Quote:
you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx |
Quote:
Doing things securely can sometimes take a little effort to setup: adding each users public key to the authorized_keys2 is the way to go. Evo2. |
Quote:
BAD PRACTICE, and you really shouldn't be doing it - heck, you shouldn't even think about it ;} But you could easily put the original .ssh/id_{dsa,rsa} private keys into your systems skeleton directory (/etc/skel by default) and use the -m flag when you create new users ... And I repeat: while this can be done it's VERY BAD PRACTICE!!! Just bite the bullet, maybe write a wrapper around useradd that will do the key-generation for you as you create the user ... have a service account with the privilege to write to anyones home on the remote machine, and throw the newly created key at that during user creation. Cheers, Tink |
All times are GMT -5. The time now is 04:07 AM. |