Replacing User Authentication Method (with version)

From: Greg Waltz (gwaltz_at_catalystcorp.com)
Date: 09/21/04

  • Next message: Shawn Duffy: "Re: OpenSSH -- a way to block recurrent login failures?"
    Date: Tue, 21 Sep 2004 11:12:52 -0400
    To: secureshell@securityfocus.com
    
    

    I am working on a system that runs sshd to allow access to a particular
    application on the system. There is a shell-type application that
    authenticates the user with the main application and provides the UI.
    Currently, the client must send a user name when connecting via ssh
    (i.e. ssh dummy@host). The user name, dummy, is a user in /etc/passwd
    that has no password. The sshd_config allows empty passwords so that the
    user goes directly to the shell application, which takes care of the
    actual user authentication.

    What I would like to do is to eliminate the dummy user and have
    authentication take place via the proprietary shell application. For
    example, I am already using agetty to do the same on non-network
    consoles: "agetty -n -l /usr/bin/myshell -L /dev/console_device bps
    term_type"
    Similarly, I am also using "in.telnetd -L /usr/bin/myshell" to do the
    same for telnet.

    What is a good way to replace/bypass ssh's user authentication?
    Is PAM the way to do something like that?

    I am using Open SSH 3.8.1p1.

    Thanks

    -- 
    Greg Waltz
    

  • Next message: Shawn Duffy: "Re: OpenSSH -- a way to block recurrent login failures?"

    Relevant Pages

    • Re: Setting up SSH on Snow Leopard
      ... The above indicates that the only two methods of authentication ... I did *not* enable the publickey or ... keyboard-interactive methods in my client. ... being advertised by the SSH server on the Mac client? ...
      (comp.sys.mac.system)
    • Re: authentication problem
      ... I have an authentication issue with ssh that i'd like to ask for clues ... but owner? ... Could you make sure ~/.ssh on both machines is only read/write ...
      (Fedora)
    • Re: Setting up SSH on Snow Leopard
      ... a Terminal window on the Mac and try "ssh localhost". ... authentication methods, and is either of those preferred from a security ... the most secure configuration will offer the least amount ... If you want to harden your SSH server, ...
      (comp.sys.mac.system)
    • Re: Setting up SSH on Snow Leopard
      ... The above indicates that the only two methods of authentication the SSH ... server is allowing are publickey and keyboard-interactive. ... client is trying to use, so presumably that could be a reason it is failing. ...
      (comp.sys.mac.system)
    • Re: sshd handing all authentication to shell
      ... >I would like to use SSH for transport only into an embedded device. ... >login/password authentication but since it is using SSH for transport, ... You don't state what SSH server you're planning to use, ... I believe that in principle a client should be able to request ...
      (comp.security.ssh)