Re: Different SSH auth method for one user



theillien wrote:
Lusotec wrote:
theillien wrote:
We utilize RSA authentication for our servers. However, we have one
customer that needs to automate an sftp connection. This is failing
because SSH is expecting a pin+token code pair. What do I need to look
at for configuration to allow the one user to authenticate with keys
while keeping RSA in place for everyone else?

If you want to automate sftp file transfers then using public/private
keys is the best option. Keep the configuration unchanged on the server
and on the client side either don't encrypt the private key (less
safe but fully automated) or use ssh-agent and have someone, once per
session, enter the password to load the key into the agent with ssh-add
(safer but not fully automated). Either is better than using
username/password pairs.

Thanks for the info. So I don't need to make any special
considerations to allow one user to do this?

If ssh/sshd is already using public/private key authentication (from your
description it seems to be) then the only thing to do to have one user log in
automatically is to set up his public key in the server, and the private key
in the client. sftp client will use the private key automatically without
user intervention.

To fully automate the process don't encrypt the private key. If you want the
private key to be encrypted in the client, for better security, then you
will need to set up ssh-agent on the client and have someone enter the
password once per session.

Does SSH automatically try different methods if one fails?

ssh tries all the enabled authentication methods until one works or all have
been tried.

<http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Authentication_Methods.html>

That sounds like something which would be configured in our PAM settings.
Perhaps I should look there for some insight on how this works.

Don't mess with PAM. Just use public/private keys. Simpler, easier, safer.

Regards.
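
As an added example that is not part of the original thread: on an OpenSSH server (an assumption; the thread does not name the SSH implementation), the one account can be pinned to key-only login and its unencrypted automation key limited to SFTP from a known address. The account name sftpcustomer, the address 192.0.2.10 and the key material are placeholders.

```conf
# ---- /etc/ssh/sshd_config (append at the end of the file) ----
# A Match block applies until the next Match line or end of file, so
# everything configured above it (the PIN+token flow) stays in force
# for all other users.
Match User sftpcustomer
    # Only a key is accepted for this account; it never falls through
    # to the token prompt (AuthenticationMethods needs OpenSSH 6.2+).
    AuthenticationMethods publickey
    PubkeyAuthentication yes
    # The private key sits unencrypted on the client, so limit what a
    # stolen copy can do: SFTP only, no shell, no tunnels.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no

# ---- ~sftpcustomer/.ssh/authorized_keys (a single line) ----
# restrict : turns off forwarding, PTY allocation and rc execution
#            (OpenSSH 7.2+)
# from=    : the key is accepted only from the customer's address
# command= : whatever the client asks for, only SFTP is run
restrict,from="192.0.2.10",command="internal-sftp" ssh-ed25519 AAAA...PLACEHOLDER... customer-sftp-automation
```

Check the edited file with `sshd -t` before reloading the daemon, and keep an existing session open while testing so a mistake does not lock anyone out.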
