Re: Allowing user w/out local account to log in
- From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
- Date: Fri, 11 Apr 2008 00:07:02 -0700 (PDT)
On 10 Apr, 22:56, ltdill...@xxxxxxxxx wrote:
Greetings,
This is probably an easy question for you experts, but I'm not one of
you!
We want to allow any user to remotely SSH into our server. They won't
have an account on the server. We plan on using PAM to "redirect" all
SSH requests to a particular command-line application. The username
will be passed along to this application which will verify if it's OK
to proceed.
I have a bare-bones PAM module that supports all four services; right
now it gives success to all of them. However, I see SSH failing out
when an unknown user attempts to connect, even though my PAM module's
'pam_sm_authenticate' gets called. Here's the syslog output (my
module is outputting the last line):
Apr 9 21:28:23 nemi-011 sshd[1467]: WARNING: /etc/ssh/moduli does not
exist, using fixed modulus
Apr 9 21:28:23 nemi-011 sshd[1467]: Invalid user bob from xx.xx.xx.xx
Apr 9 21:28:23 nemi-011 sshd[1467]: pam_sm_authenticate
So how would one allow a user that did not have a local account to get
access?
Thank you.
Why aren't you using multiple SSH keys for the same user account on
the server? And if you only want file sharing, not shell access, I'd
suggest using WebDAV over HTTPS instead. OpenSSH, at least, does not
have good chroot capability built in to isolate hte users from the
operating system.
.
- Follow-Ups:
- Re: Allowing user w/out local account to log in
- From: ltdillard
- Re: Allowing user w/out local account to log in
- References:
- Allowing user w/out local account to log in
- From: ltdillard
- Allowing user w/out local account to log in
- Prev by Date: Allowing user w/out local account to log in
- Next by Date: Re: Allowing user w/out local account to log in
- Previous by thread: Allowing user w/out local account to log in
- Next by thread: Re: Allowing user w/out local account to log in
- Index(es):
Relevant Pages
|
|
