[TriLUG] sshd question
Blackburn, Marvin
mblackburn at glenraven.com
Thu Mar 9 09:49:53 EST 2006
These are all great ideas; however, the application has to be able to
log in (with a password) to boxb.
Unfortunately, I'm not looking for a workaround. I've got to be able
to allow this.
What I want to do, though, is only allow that functionality between box
a and b.
These are all great ideas, but they don't match what I'm trying to do.
> -----Original Message-----
> From: trilug-bounces at trilug.org
> [mailto:trilug-bounces at trilug.org] On Behalf Of paul
> Sent: Wednesday, March 08, 2006 10:21 PM
> To: Triangle Linux Users Group discussion list
> Subject: Re: [TriLUG] sshd question
>
> On 3/8/06, Brian Henning <brian at strutmasters.com> wrote:
> > Can you specify an alternate port? Run a separate instance of SSHD on a
> > nonstandard port, configured to allow root login and firewalled (or
> > tcpwrappered) to only allow connections from the one machine, maybe?
> >
> > Would take some trickery with startup scripts, but I bet it could be
> > done, if esxranger will let you specify the port.
> >
> > ~Brian
> >
> >
> > Blackburn, Marvin wrote:
> > > It's esxranger, the ability to log on as an alternate user and su to root
> > > doesn't work -- bug.
> > > So I need to allow root from a to b but only from a to b
> > >
> > >
> > >>-----Original Message-----
> > >>From: trilug-bounces at trilug.org
> > >>[mailto:trilug-bounces at trilug.org] On Behalf Of Rick DeNatale
> > >>Sent: Wednesday, March 08, 2006 5:04 PM
> > >>To: Triangle Linux Users Group discussion list
> > >>Subject: Re: [TriLUG] sshd question
> > >>
> > >>On 3/8/06, Blackburn, Marvin <mblackburn at glenraven.com> wrote:
> > >>
> > >>>Unfortunately, this won't work -- it has to be root
> > >>
> > >>Does it have to use password authorization? Another option is to use
> > >>key pairs.
> > >>
> > >>You can also force the command that gets executed by putting the
> > >>command into the .ssh/authorized_keys file in root's home directory.
> > >>It's a little tricky but you can execute a script which "wraps" the
> > >>command being executed by the ssh client.
> > >>
> > >>But why does it HAVE to be root, is the user not configurable? What's
> > >>the application?
> > >>
> > >>--
> > >>Rick DeNatale
> > >>
> > >>Visit the Project Mercury Wiki Site
> > >>http://www.mercuryspacecraft.com/
> > >>--
> > >>TriLUG mailing list :
> > >>http://www.trilug.org/mailman/listinfo/trilug
> > >>TriLUG Organizational FAQ : http://trilug.org/faq/
> > >>TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> > >>
> > >>
> > >
> > >
> >
> > --
> > ----------------
> > Brian A. Henning
> > strutmasters.com
> > 336.597.2397x238
> > ----------------
> >
>
> Actually, this is rather simple if you can use ssh keys. Generate a
> key on box A. Put the public key in the authorized_keys file in .ssh
> on box B. Then change the line in sshd_config to:
>
> PermitRootLogin without-password
>
> That option allows root logins via ssh with a key. You will not be
> able to log in over ssh as root with a password, though it will not
> inhibit the ability to ssh in as a regular user with a password and su
> to root.
>
> Hope that is helpful.
>
>
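
Added example, not part of the original thread: on an OpenSSH release that supports Match blocks, the restriction asked for at the top of this message (root password login to box B, but only from box A) can be written in box B's sshd_config. The address 192.0.2.10 and the host name boxa are placeholders for box A.

```conf
# /etc/ssh/sshd_config on box B (added example, not from the thread)

# Weak form: root can log in with a password from any host that reaches sshd.
#PermitRootLogin yes

# Global default: root may authenticate with a key only.
# Older releases spell this value "without-password", as quoted in the thread.
PermitRootLogin prohibit-password

# Exception for box A only. A Match block runs to the next Match line or
# to the end of the file, so keep it below all global settings.
# 192.0.2.10 is a placeholder for box A's address.
Match Address 192.0.2.10
    PermitRootLogin yes
    PasswordAuthentication yes

# Checks to run on box B before restarting sshd:
#   sshd -t
#       syntax check of the file
#   sshd -T -C user=root,host=boxa,addr=192.0.2.10 | grep -i permitrootlogin
#       effective value for a connection from box A (expect "yes")
#   sshd -T -C user=root,host=other,addr=192.0.2.99 | grep -i permitrootlogin
#       effective value for any other source (expect the key-only value)
```

The Match criterion is the source address as sshd sees it, so a NAT or jump host between the two boxes changes which address has to be listed.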