hmorrison
Advisor

password file for trusted system

Where can I find the password encrypted file if I am running a trusted environment? Using HPUX11.11.
Mel Burslan
Honored Contributor

Re: password file for trusted system

There is no single passwd file as there is on non-trusted systems. There are individual files for each user on the system, under a structure like this:

/tcb/files/auth/r/root
/tcb/files/auth/o/operator

and so on.
________________________________
UNIX because I majored in cryptology...
hmorrison
Advisor

Re: password file for trusted system

Thanks, that helped partially. However, maybe I needed to have asked: how do I set up a user to use private and public key access instead of password access?
Patrick Wallek
Honored Contributor

Re: password file for trusted system

You would have to install Secure Shell and then set the keys for the user. They are generally stored in a .ssh directory under the user's home directory (~/.ssh).
Hunki
Super Advisor

Re: password file for trusted system

You would need to set up ssh for this.

Refer to this doc :

http://docs.hp.com/en/T1471-90015/ch01s13.html
Mel Burslan
Honored Contributor

Re: password file for trusted system

Assuming you have ssh installed by now, follow these steps and tweak them if you need some other variation:

--login or su to the user (don't do this as root for easier permission manipulation)

--mkdir .ssh

/opt/ssh/bin/ssh-keygen -t dsa

At this point, you will be asked to enter a passphrase. If you do not want passphrase authentication, hit Enter without touching any other key (twice).

now you have two files

$HOME/.ssh/id_dsa
$HOME/.ssh/id_dsa.pub

log out and log back in as root

copy .pub file to the other user's home directory

cp ~myusername/.ssh/id_dsa.pub ~otherusername/.ssh

cd ~otherusername/.ssh
cat id_dsa.pub >> authorized_keys

log out from root

At this point, if you are logged in as myusername and want to ssh to otherusername, just run command

ssh otherusername@hostname

This procedure is valid for local and remote system users. The only difference is that, when copying, you need to find a way (rcp, ftp, or whatever other way you have) to transfer the id_dsa.pub file to the remote system.

Also, make sure that any user's .ssh directory has permissions no more open than 700 and is owned by the username itself.

The authorized_keys file must be no more open than 640, and the id_dsa file at most 600. With anything more open than this, you will be denied access.

Hope this helps
________________________________
UNIX because I majored in cryptology...
Khashru
Valued Contributor

Re: password file for trusted system

Go through the attached document. I will give step by step how to set up a passwordless ssh account.
hmorrison
Advisor

Re: password file for trusted system

Thanks all, the information from Mel Burslan helped me to set up the public/private key; however, I am still having a problem. I need the user to log in without being prompted to enter a password. What do I need to do?
Patrick Wallek
Honored Contributor

Re: password file for trusted system

If you have exchanged the public keys and have everything set up correctly, then you should not have to enter a password.

That being said, the issue that causes 95% of problems with SSH is permissions. You must verify permissions on the user's home directory and .ssh directory. There must NOT be any world write permissions on the directory.

To see more information do an 'ssh -vvv hostname' (that is 3 v's for very very verbose). Also check the /var/adm/syslog/syslog.log file on the system you are ssh'ing to for any errors. They should be logged there.
hmorrison
Advisor

Re: password file for trusted system

Thanks again, the user's directory has the permission set to 755. There are no ssh errors in /var/adm/syslog/syslog.log. I checked ssh -vvv hostname; however, after listing a lot of debugs, I was prompted for a password. I am not sure what password is expected. I am not sure how to read the ssh -vvv hostname output. I am not sure what else to do.
Mel Burslan
Honored Contributor

Re: password file for trusted system

Make the connection-initiating user's id_dsa file permissions 600.

Make both the connection-initiating user's and the connection-receiving user's .ssh directory permissions 700.

Make the connection-receiving user's authorized_keys file permissions 640.

Retry.

This should work if your keys are correctly copied. Having said that, sometimes people try cutting and pasting the key files among several different terminal sessions, especially x-terminals, which, I painfully found out, sometimes insert extra line breaks. Those extraneous characters are dealbreakers in passwordless authentication. If you have done such key copying, I'd strongly suggest checking for such typo errors on the side.

hope this helps
________________________________
UNIX because I majored in cryptology...
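
Added example, not part of any post in this thread: a POSIX shell audit of the conditions the replies above point to (no group or world write on the home directory, .ssh and authorized_keys; a private key with no group or other access; authorized_keys entries split by a pasted line break). The function names are hypothetical, and the ownership rule used (owner must be the account itself or root) is the one OpenSSH's StrictModes check applies.

```shell
# Added example (not from the thread): checks on the files sshd inspects.
# Parses ls -l output, so it does not depend on stat(1) being installed.
mode_of()  { ls -ld "$1" 2>/dev/null | awk '{print substr($1, 1, 10)}'; }
owner_of() { ls -ld "$1" 2>/dev/null | awk '{print $3}'; }

# Fail if the path is missing, group/world-writable, or not owned by user/root.
check_path() {  # $1 = path, $2 = expected owner
    m=$(mode_of "$1")
    [ -n "$m" ] || { echo "MISSING $1"; return 1; }
    case "$m" in
        ?????w????|????????w?) echo "WRITABLE BY OTHERS $1 ($m)"; return 1 ;;
    esac
    o=$(owner_of "$1")
    [ "$o" = "$2" ] || [ "$o" = root ] || { echo "OWNER $o ON $1"; return 1; }
}

# Client side: private key must have no group or other bits (600 or tighter).
check_private_key() {
    case "$(mode_of "$1")" in -???------) return 0 ;; esac
    echo "PRIVATE KEY TOO OPEN OR MISSING $1"; return 1
}

# Each entry must be one line: [options] key-type base64-blob [comment].
# A pasted line break leaves a fragment with no key type or a short blob.
check_key_lines() {
    awk '
        /^[ \t]*(#|$)/ { next }     # skip comments and blank lines
        {
            t = 0
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-)/) { t = i; break }
            blob = (t && t < NF) ? $(t + 1) : ""
            if (!t || blob !~ /^[A-Za-z0-9+\/]+=*$/ || length(blob) % 4) {
                printf "BROKEN KEY LINE %d\n", NR; bad = 1
            }
        }
        END { exit bad }' "$1"
}

# Server side: run for the account being logged in to.
audit_login() {  # $1 = user name, $2 = home directory
    rc=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_path "$p" "$1" || rc=1
    done
    [ ! -f "$2/.ssh/authorized_keys" ] || check_key_lines "$2/.ssh/authorized_keys" || rc=1
    return $rc
}
[ $# -lt 2 ] || audit_login "$1" "$2"
```

Saved under any file name, it is run on the receiving host with the account name and home directory as arguments. Current OpenSSH releases no longer accept ssh-dss keys by default, so on a modern server a well-formed DSA entry can pass these checks and still be refused.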