Re: Different SSH auth method for one user



theillien wrote:
Lusotec wrote:
theillien wrote:
We utilize RSA authentication for our servers. However, we have one
customer that needs to automate an sftp connection. This is failing
because SSH is expecting a pin+token code pair. What do I need to look
at for configuration to allow the one user to authenticate with keys
while keeping RSA in place for everyone else?

If you want to automate sftp file transfers then using public/private
keys is the best option. Keep the configuration unchanged on the server
and on the on the client side either don't encrypt the private key (less
safe but fully automated) or use ssh-agent and have someone, once per
session, enter the password to load the key in to the agent with ssh-add
(safer but not fully automated). Either is better than using
username/password pairs.

Thanks for the info. So I don't need to make any special
considerations to allow one user to do this?

If ssh/sshd is already using public/private key authentication (from your
description it seams to be) then the only thing to do to have one user login
automatically is to setup is public key in the server, and the private key
in the client. sftp client will use the private key automatically without
user intervention.

To fully automate the process don't encrypt the private key. If you want the
private key to be encrypted in the client, for better security, then you
will need to setup ssh-agent on the client and have someone enter the
password once per session.

Does SSH automatically try different methods if one fails?

ssh tries all the enabled authentication methods until one works or all have
been tried.

<http://www.ssh.com/support/documentation/online/
ssh/adminguide/32/Authentication_Methods.html>

That sounds like something which would be configured in our PAM settings.
Perhaps I should look there for some insight on how this works.

Don't mess with PAM. Just use public/private keys. Simpler, easier, safer.

Regards.

.