Re: prompt or not prompt for the password depending on the user

In article <1182396993.907439.287390@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wong_powah@xxxxxxxx writes:

To clarify:
I want the server to prompt or not prompt for the password depending
on the user and client.
How to do that?
Can host based authentication (using ~/.ssh/authorized_keys, etc) do
that?

HostbasedAuthentication doesn't use authorized_keys, that's for
PubkeyAuthentication. Anyway the answer is "sort of" for both - i.e. it
can be set up the way you want, but you normally can't make sure it
stays that way.

HostbasedAuthentication isn't used much, since the security is pretty
weak - I believe it's disabled by default in most sshd installations.
But anyway you could set it up with the client's public key in that
user's ~/.shosts file, and IgnoreRhosts=no in sshd_config. But then
normally nothing prevents that user from adding other client public
keys to his ~/.shosts, or other users from adding any client public keys
to theirs.

With PubkeyAuthentication, you could set up that user's
~/.ssh/authorized_keys with the *user's* public key, and the added
restriction of a from= option. But then normally nothing prevents that
user from removing that restriction, or other users from putting
whatever they want in their ~/.ssh/authorized_keys. Of course this
situation is the default in most sshd installations.

All of the above applies to OpenSSH, don't know about others, you didn't
say what SSH implementation you were asking about.

--Per Hedeland
per@xxxxxxxxxxxx
.

Relevant Pages

  • Re: prompt or not prompt for the password depending on the user
    ... I want the server to prompt or not prompt for the password depending ... on the user and client. ... But anyway you could set it up with the client's public key in that ... With PubkeyAuthentication, you could set up that user's ...
    (comp.security.ssh)
  • Connecting WinXP box to Mandrake running sshd...
    ... Linux box with. ... I installed ssh (client) in XP. ... but still I only get the prompt. ...
    (comp.security.ssh)
  • Re: Using VFP8 with GOTOMYPC.com
    ... I do not have a client but have a p to p network at the ... Using the PROMPT I would have to keep selecting the printer. ... for remote control, and I've been very pleased with it. ... add the PROMPT option to the REPORT command. ...
    (microsoft.public.fox.programmer.exchange)
  • Re: How to set up an DRP 6.0 connection to not prompt the end user 5 t
    ... The version referenced in the article is essentially the old client version with the default printer only capability added. ... As for using the new version, you can create a .rdp file for your users to use that will mimic the behavior of the old client. ... If you want to enable clipboard redirection, change the appropriate line in the file from a 0 value to a 1 value. ... Be aware that the user will have to respond to a security prompt if you enable clipboard redirection. ...
    (microsoft.public.windows.terminal_services)
  • RE: Sharepoint prompts for login credentials when not necessary
    ... \par Based on my experience, if this issue occurs on all the client, you need to check the Authentication Settings: ... \par Also, add the SharePoint site to your IE trusted zone, and make sure the "Automatic logon with current user name and password" is selected under User Authentication section in the Trusted Sites Security Settings. ... \par You are prompted to enter your credentials when you access an FQDN site by using a Windows Vista-based client computer that has no proxy configured ... \par login prompt and I can get in/open the document or do whatever I was doing. ...
    (microsoft.public.sharepoint.windowsservices)