Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
01-06-2010, 09:16 PM
|
#1
|
Member
Registered: Jan 2008
Posts: 258
Rep:
|
release all user to ssh without password
I use the ssh-keygen -t rsa to release user to connect another server without input password , but it seems only release to a specific user , can advise if I want all user can login a specific a/c in remote server without input password , what can i do ? thx
|
|
|
01-06-2010, 09:29 PM
|
#2
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).
Cheers,
Tink
|
|
|
01-07-2010, 01:36 AM
|
#3
|
Member
Registered: Jan 2008
Posts: 258
Original Poster
Rep:
|
Quote:
Originally Posted by Tinkster
You'd have to share the .ssh/id_dsa and/or ~/.ssh/id_rsa to
all users, but that would be BAD practice albeit quite
quick, or run the ssh-keygen & ssh-copy-id part for every one
of them (much better and cleaner - somewhat more work).
Cheers,
Tink
|
Thx reply ,
I really want to do that , but I am not understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx
Last edited by elainelaw; 01-07-2010 at 02:40 AM.
|
|
|
01-07-2010, 01:40 AM
|
#4
|
LQ Guru
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726
|
Quote:
Originally Posted by elainelaw
Thx reply ,
I really want to do that , but I am understand what you said . The current practice is I use ssh-keygen to generate id_rsa.* then I copy it to remote server and put to .ssh , it works now but I need to do it repeatly if have new user , if I want everyone can ssh to a specific a/c without password , what can i do ? thx
|
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.
Evo2.
PS. This is the same as the second option presented by Tinkster
Last edited by evo2; 01-07-2010 at 01:42 AM.
|
|
|
01-07-2010, 02:46 AM
|
#5
|
Member
Registered: Jan 2008
Posts: 258
Original Poster
Rep:
|
Quote:
Originally Posted by evo2
You can do this by adding each users public key to the .ssh/authorized_keys2 file for the common user which they will ssh to. Ie the file ~commonuser/.ssh/authorized_keys2 should have multiple lines, each line containing the public key of each user.
Evo2.
PS. This is the same as the second option presented by Tinkster
|
Thanks reply ,
you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
|
|
|
01-07-2010, 03:04 AM
|
#6
|
LQ Guru
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and CentOS
Posts: 6,726
|
Quote:
Originally Posted by elainelaw
Thanks reply ,
you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
|
Well, that would be Tinksters first suggestion. Give each of the new users a copy of the same private key (passphraseless). This is a pretty nasty approach.
Doing things securely can sometimes take a little effort to setup: adding each users public key to the authorized_keys2 is the way to go.
Evo2.
Last edited by evo2; 01-07-2010 at 03:05 AM.
Reason: Typo
|
|
|
01-07-2010, 01:08 PM
|
#7
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally Posted by elainelaw
Thanks reply ,
you said "by adding each users public key to.." that mean I need to do it repeatly when have new user in local server ? what I want is to let all existing user / future user can do that without repeatly generate the public key , just like the rcp command , after I add * * to .rhosts at remote server then ALL users can rlogin / rcp to this server without input password , can ssh have such setting ? thx
|
No, ssh doesn't have "such setting". I repeat: this is VERY
BAD PRACTICE, and you really shouldn't be doing it - heck, you
shouldn't even think about it ;}
But you could easily put the original .ssh/id_{dsa,rsa} private keys
into your systems skeleton directory (/etc/skel by default) and
use the -m flag when you create new users ...
And I repeat: while this can be done it's VERY BAD PRACTICE!!!
Just bite the bullet, maybe write a wrapper around useradd that
will do the key-generation for you as you create the user ... have
a service account with the privilege to write to anyones home on
the remote machine, and throw the newly created key at that
during user creation.
Cheers,
Tink
|
|
|
All times are GMT -5. The time now is 02:22 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|