LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   release all user to ssh without password (https://www.linuxquestions.org/questions/linux-newbie-8/release-all-user-to-ssh-without-password-780406/)

elainelaw 01-06-2010 08:16 PM
release all user to ssh without password
 
I use the ssh-keygen -t rsa to release user to connect another server without input password , but it seems only release to a specific user , can advise if I want all user can login a specific a/c in remote server without input password , what can i do ? thx

Tinkster 01-06-2010 08:29 PM
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).


Cheers,
Tink

elainelaw 01-07-2010 12:36 AM
Quote:
Originally Posted by Tinkster (Post 3816949)
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).


Cheers,
Tink
Thx reply ,

I really want to do that , but I am not understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx

evo2 01-07-2010 12:40 AM
Quote:
Originally Posted by elainelaw (Post 3817160)
Thx reply ,

I really want to do that , but I am understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.

Evo2.

PS. This is the same as the second option presented by Tinkster

elainelaw 01-07-2010 01:46 AM
Quote:
Originally Posted by evo2 (Post 3817164)
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.

Evo2.

PS. This is the same as the second option presented by Tinkster
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx

evo2 01-07-2010 02:04 AM
Quote:
Originally Posted by elainelaw (Post 3817202)
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
Well, that would be Tinksters first suggestion. Give each of the new users a copy of the same private key (passphraseless). This is a pretty nasty approach.

Doing things securely can sometimes take a little effort to setup: adding each users public key to the authorized_keys2 is the way to go.

Evo2.

Tinkster 01-07-2010 12:08 PM
Quote:
Originally Posted by elainelaw (Post 3817202)
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
No, ssh doesn't have "such setting". I repeat: this is VERY
BAD PRACTICE, and you really shouldn't be doing it - heck, you
shouldn't even think about it ;}

But you could easily put the original .ssh/id_{dsa,rsa} private keys
into your systems skeleton directory (/etc/skel by default) and
use the -m flag when you create new users ...

And I repeat: while this can be done it's VERY BAD PRACTICE!!!
Just bite the bullet, maybe write a wrapper around useradd that
will do the key-generation for you as you create the user ... have
a service account with the privilege to write to anyones home on
the remote machine, and throw the newly created key at that
during user creation.



Cheers,
Tink


All times are GMT -5. The time now is 04:07 AM.