HPE Community
Operating System - HP-UX
1819901 Members
2621 Online
109607 Solutions
New Discussion юеВ

Re: scp with nopassword does not work

 
Martin Thoma
New Member

тАО04-16-2003 06:52 AM

тАО04-16-2003 06:52 AM

scp with nopassword does not work

I configured ssh running scp with using nopassword for certain users.
Everything's working fine, but when I lock (passwd -l user) user account on the receiver host, scp is asking for password. ==> why?

I find out, if I change user password instead locking, scp with nopassword's working again.

I need to lock that account and scp still should work. Is there any help?
0 Kudos
Reply
6 REPLIES 6
Tyler Easterling
Advisor

тАО04-16-2003 07:18 AM

тАО04-16-2003 07:18 AM

Re: scp with nopassword does not work

Sounds to me like you are using a version of ssh that uses PAM, since the defaults for PAM include the password management methods then when the account is locked ssh notices and locks it's portion as well.

You should be able to add an ssh specific entry inside of your /etc/pam.conf file that will not require password management for ssh.

something like:
login password optional /usr/lib/security/libpam_unix.1

Tyler Easterling
0 Kudos
Reply
Tyler Easterling
Advisor

тАО04-16-2003 07:50 AM

тАО04-16-2003 07:50 AM

Re: scp with nopassword does not work

Upon further reflection, just replace:
ssh auth required /usr/lib/security/pam_unix.so.1
with:
ssh auth optional /usr/lib/security/pam_unix.so.1

You might also look at the man pages for pam_user.conf(4) for more granular configuration.


Tyler Easterling
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО04-16-2003 08:57 AM

тАО04-16-2003 08:57 AM

Re: scp with nopassword does not work

Locking an account denies it access. I think things are working write.

You may want to try exchanging public keys again. Just in case I'm attaching a document.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Martin Thoma
New Member

тАО04-17-2003 07:55 AM

тАО04-17-2003 07:55 AM

Re: scp with nopassword does not work

I don't use PAM! Are there other suggestions? Take time ... I'm on holiday for the next 14 days. ;-)
0 Kudos
Reply
Michael R. Monteith
Advisor

тАО06-03-2003 05:23 AM

тАО06-03-2003 05:23 AM

Re: scp with nopassword does not work

If you do not want to be prompted for a login password when using ssh and sftp, a secure way to be authenticated by an ssh server is to use key-based authentication. This can be accomplished by generating your own pair of public/private keys on the client host and copying the public key to the server. These procedures work with openSSH and may not be applicable to other implementations of the SSH protocol. Be aware that using key-based authentication creates a trusted relationship between two computers and can be a security concern.

1. Execute ssh-keygen ???t rsa to generate your keys, accept the default file name and path (~/.ssh/id_rsa). Press enter twice to use an empty password, adding a password here would be defeating our purpose, for you would prompted for a password when connecting.

There is another option I'm exploring to fix the security concern. That is an option in SSH that you can have it execute a script which could be used to verify the source of the file, size, etc. to ensure it's not an attack.

Michael
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО06-03-2003 07:37 AM

тАО06-03-2003 07:37 AM

Re: scp with nopassword does not work

An important point from the doc I attached is permissions on the authorized_keys file

They need to be 644.

chmod 444 authorized_keys

Problems suddenly disa[[aer after this is done.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.