Is it possible to use a MySQL database to authenticate SSH connections to a linux SSHD server?

I've seen the pam module pam_mysql, and sort of have an idea how it works, but I was just wondering if anyone else has implemented something like it and to find out how it went?

ssh is authencated from the OS, altho you can add group access control to sshd,

and then just add users you want to have access to ssh to that group.


-Nex6

I don't think you understood the question.

SSH uses PAM to enable it to authenticate users using /etc/passwd and/or /etc/shadow. I want to be able to authenticate people to SSH using a MySQL database/table, where everyones username/password/account details are stored in it, hence the pam_mysql module.

Any other advice welcomed

Cheers,
Wellard.

If this is practicable, then you need to copy all the username/passwords to a mysql table.

make sure you hash your data that's sitting in the MySQL database.

isn't this engineering a serious hole into your security model? i'd imagine it's much easier to brute-force into a MySQL database than it is to exploit an sshd overflow or jack password files.

if this is to give users that register accounts with a webpage a shell access, then i understand what you're up to, but otherwise i'd just stick to giving people shell accounts with "default" passwords (email them with login/pass and tell them to change the default password).

just some thoughts.

when logging in via ssh, the ssh daemon checks some files in ~/, so it can
be done if the user already have a valid home directory.

check out the pam-mysql module.