passwd-less logins for SOME accounts, passwd required for ALL others?
From: Alexander N. Spitzer (aspitzer@spitzer.org)
Date: 12/16/02
- Previous message: sudhakar: "Problem with shared keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Dec 2002 11:29:20 -0500 (EST) From: "Alexander N. Spitzer" <aspitzer@spitzer.org> To: secureshell@securityfocus.com
SHORT:
---------
Is it possible to allow only a handful of accounts the ability to
ssh/scp/etc without a passwd, while FORCING all other users to require a
passwd to connect?
LONG:
---------
The only solution so far is to run 2 instances of SSH
1) 1 instances runs on port 22, and does not allow passwdless access
2) 1 instances runs on port 2222, and allows passwdless access
(authorized_keys) , but in the sshd_config there is the line:
AllowUsers user1 user2 user3
so only users user1 user2 user3 have access to this version...
This seems less that optimal though, because we will either have to add
"-p 2222" to all jobs that currently use SSH, or add a ~.ssh/config in all
the homes of the accounts that need to default to the instances running on
port 2222...
There also is the option of using an ssh-agent, but this seems no good
because it requires manual input at times...
I have looked through the man pages, and searched this list via the web
interface, but I have not been able to find the holy grail...
Is there any directive in sshd that specifies something like
AllowAuthorizedKeys user1 user2 user3
TIA!
-alex
--------------------------
Name : Alexander N. Spitzer
Web : http://www.spitzer.org
- Next message: Thomas Jordan: "Open SSh 3.5p1 build on OSX...."
- Previous message: sudhakar: "Problem with shared keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
