- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- SSH with publickey and password both
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 02:43 AM
тАО06-06-2009 02:43 AM
I have HP-UX 11.11 system with OpenSSH_4.2p1-hpn installed (T1471AA - HP Secure Shell).
To tighten security, I want the server system to allow client to give access only when
if client enters password (what he knows) and his public is matched with
the key stored in authorized_keys file.
Is is possible ? If yes how ?
Thanks in advance.
-Santosh Mhaskar
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 04:53 AM
тАО06-06-2009 04:53 AM
Re: SSH with publickey and password both
check this attached file.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 05:53 AM
тАО06-06-2009 05:53 AM
Re: SSH with publickey and password both
a passphrase.
I know of no easy way to use the normal UNIX
password with SSH public-key authentication.
> To tighten security, [...]
Attempts like this can backfire.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2009 10:21 PM
тАО06-07-2009 10:21 PM
Re: SSH with publickey and password both
indicating unix password.
If I connect to Server using ssh -v option it gives following o/p
----------------------------
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
Password:
----------------------------
Here it is skiping 1st method of authn. i.e. publickey.
I want both type of authn. to happen. How can I achive this?
Also once ssh session is established, is there any method to get publickey of client?
Pl. help.
-Santosh Mhaskar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2009 11:26 PM
тАО06-07-2009 11:26 PM
Re: SSH with publickey and password both
How about public key ONLY access.
http://www.hpux.ws/?p=19
It is very secure.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 08:38 AM
тАО06-08-2009 08:38 AM
Re: SSH with publickey and password both
> debug1: Trying private key: /root/.ssh/identity
> debug1: Trying private key: /root/.ssh/id_rsa
> debug1: Trying private key: /root/.ssh/id_dsa
> debug1: Next authentication method: keyboard-interactive
> Password:
> ----------------------------
>
> Here it is skiping 1st method of authn. i.e. publickey.
It's not skipping it, it's trying it (with
three key file names), but it fails. Bad key
data, I'd guess.
> I want both type of authn. to happen. How
> can I achive this?
As I said, I know of no way to do it.
> Also once ssh session is established, is
> there any method to get publickey of
> client?
Huh?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 11:27 PM
тАО06-08-2009 11:27 PM
Re: SSH with publickey and password both
I am interested to know whether ssh connectivity can be established
by using both password and publickey because I want to restrict the user
to login from particular machine (client).
By using only publickey authn. I can do this but the security risk involved is,
any person who has access from that machine (client) would be able
to login to server.
If password authn. is also possible then only a person knowing password
also can access to server. Hence pl. tell me that using ssh whether password
and publickey authn. both are possible or not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-09-2009 05:48 AM
тАО06-09-2009 05:48 AM
Re: SSH with publickey and password both
> only a person knowing password
> also can access to server.
As I said before:
> You can create public-key files which use
>a passphrase.
And if you use public-key data which include
a passphrase, then only a person who knows
the passphrase can use those public-key data
to access the server. Why do you insist on
using the UNIX password instead of
public-key data with a passphrase?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-09-2009 05:55 AM
тАО06-09-2009 05:55 AM
Re: SSH with publickey and password both
> to login from particular machine (client).
I don't see how any usual public-key scheme
with or without a passphrase will limit
access to "login from particular machine
(client)." From a particular _user_, yes,
but not from a particular client system.
> [...] any person who has access from that
> machine (client) would be able
> to login to server.
What is "that machine (client)"? Is it
completely insecure?
Public-key-with-passphrase still sounds (to
me) like what you really want, but it's not
entirely clear what you really want.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-09-2009 10:45 PM
тАО06-09-2009 10:45 PM
Re: SSH with publickey and password both
We have a system on which endusers connect to Unix Server using dumb-terminals/Thin-Clients through LTS (Lan Terminal Server).
This LTS is configured in fixedtty mode so that each terminal connected to specific port of LTS gets same pty/tty device file all the time.
We have app. that is having user previleges/roles associated to this pty/tty id.
eg.
user having pty/tty as /dev/ttys3 has admin role.
user having pty/tty as /dev/ttyp6 has manager role
etc.
This app. has security so that a person sitting only at terminal having pty ID as /dev/ttys3 and knows unix password can do work of manager.
We have such 9 systems and we not want to consolidate it into 1 system. There would be total 1500 users after consolidation. The problem of fixedtty system is it supports only 250 users per system.
Hence I am going to use ssh with publickey authn. only with passphrase. When I tested it with setting
PasswordAuthentication no
in sshd_config file and restarting sshd deamon, system is asking for passphrase and allows if correct passphrase is given. But if one gives wrong passphrase 3 times it goes for password authn.
-----------------------------
Connected to user1@server2 from user1@server1 giving incorrect passphrase
server1:/home/user1/.ssh>ssh -Y user1@server2
Enter passphrase for key '/home/user1/.ssh/id_rsa':
Enter passphrase for key '/home/user1/.ssh/id_rsa':
Enter passphrase for key '/home/user1/.ssh/id_rsa':
Password:
server1:/home/user1/.ssh>
--------------------------------
It seems
PasswordAuthentication no
setting not working. Either publickey or password authn. is working in this case. Hence for more security I want both publickey or password authn. using ssh is it possible? Why
PasswordAuthentication no
setting is not working?
Pl. help.
-Santosh