Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Is it possible to use a MySQL database to authenticate SSH connections to a linux SSHD server?
I've seen the pam module pam_mysql, and sort of have an idea how it works, but I was just wondering if anyone else has implemented something like it and to find out how it went?
Originally posted by nex6 ssh is authencated from the OS, altho you can add group access control to sshd,
and then just add users you want to have access to ssh to that group.
-Nex6
I don't think you understood the question.
SSH uses PAM to enable it to authenticate users using /etc/passwd and/or /etc/shadow. I want to be able to authenticate people to SSH using a MySQL database/table, where everyones username/password/account details are stored in it, hence the pam_mysql module.
make sure you hash your data that's sitting in the MySQL database.
isn't this engineering a serious hole into your security model? i'd imagine it's much easier to brute-force into a MySQL database than it is to exploit an sshd overflow or jack password files.
if this is to give users that register accounts with a webpage a shell access, then i understand what you're up to, but otherwise i'd just stick to giving people shell accounts with "default" passwords (email them with login/pass and tell them to change the default password).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.