LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-06-2010, 09:16 PM   #1
elainelaw
Member
 
Registered: Jan 2008
Posts: 258

Rep: Reputation: 30
release all user to ssh without password


I use the ssh-keygen -t rsa to release user to connect another server without input password , but it seems only release to a specific user , can advise if I want all user can login a specific a/c in remote server without input password , what can i do ? thx
 
Old 01-06-2010, 09:29 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).


Cheers,
Tink
 
Old 01-07-2010, 01:36 AM   #3
elainelaw
Member
 
Registered: Jan 2008
Posts: 258

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Tinkster View Post
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).


Cheers,
Tink
Thx reply ,

I really want to do that , but I am not understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx

Last edited by elainelaw; 01-07-2010 at 02:40 AM.
 
Old 01-07-2010, 01:40 AM   #4
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726

Rep: Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706
Quote:
Originally Posted by elainelaw View Post
Thx reply ,

I really want to do that , but I am understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.

Evo2.

PS. This is the same as the second option presented by Tinkster

Last edited by evo2; 01-07-2010 at 01:42 AM.
 
Old 01-07-2010, 02:46 AM   #5
elainelaw
Member
 
Registered: Jan 2008
Posts: 258

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by evo2 View Post
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.

Evo2.

PS. This is the same as the second option presented by Tinkster
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
 
Old 01-07-2010, 03:04 AM   #6
evo2
LQ Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726

Rep: Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706Reputation: 1706
Quote:
Originally Posted by elainelaw View Post
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
Well, that would be Tinksters first suggestion. Give each of the new users a copy of the same private key (passphraseless). This is a pretty nasty approach.

Doing things securely can sometimes take a little effort to setup: adding each users public key to the authorized_keys2 is the way to go.

Evo2.

Last edited by evo2; 01-07-2010 at 03:05 AM. Reason: Typo
 
Old 01-07-2010, 01:08 PM   #7
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928Reputation: 928
Quote:
Originally Posted by elainelaw View Post
Thanks reply ,

you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
No, ssh doesn't have "such setting". I repeat: this is VERY
BAD PRACTICE
, and you really shouldn't be doing it - heck, you
shouldn't even think about it ;}

But you could easily put the original .ssh/id_{dsa,rsa} private keys
into your systems skeleton directory (/etc/skel by default) and
use the -m flag when you create new users ...

And I repeat: while this can be done it's VERY BAD PRACTICE!!!
Just bite the bullet, maybe write a wrapper around useradd that
will do the key-generation for you as you create the user ... have
a service account with the privilege to write to anyones home on
the remote machine, and throw the newly created key at that
during user creation.



Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
allowing ssh connection without password as user how do I do it...? Alexvader Slackware 16 01-15-2011 09:52 PM
user password not accepted when using SSH to a remote linux box emeak Linux - Newbie 2 08-06-2009 08:10 AM
User Password change and Reverse SSH metallica1973 Linux - Server 2 02-18-2009 03:02 PM
ssh login without password for only one user zhjim Linux - Server 4 11-21-2006 05:31 PM
ssh without user password question tonyfreeman Linux - Security 2 10-26-2004 12:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration