Operating System - Linux

Re: password expiry on linux box

 
monu_1
Regular Advisor

password expiry on linux box

Hi Guru,

In my Linux box, there is a normal user (let's say xyz). This user's password is subject to password controls (it expires after a configured number of days).

We used to scp login to this box as the xyz user (a script in which the xyz user and its password are hardcoded) and collect a few data from the remote end.

Problem: Let's say the password has expired; obviously, login as the xyz user would fail after that and we couldn't fetch the data from this box remotely.

Question: What are the appropriate mechanisms to achieve the data without affecting the password expiry limitation?

Thanking you!
6 REPLIES
Steven E. Protter
Exalted Contributor

Re: password expiry on linux box

Shalom,

If the password expires, the scp transfer will stop. No way around that other than to ensure the password does not expire.

The passwd command on Linux lets you set the expiration time as long as you want. If this user is not one that normally logs on the system, you can safely extend the expiration.

Be prepared to explain this to any security auditors that happen to notice it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jared Middleton
Frequent Advisor

Re: password expiry on linux box

I find it best to separate accounts used primarily for interactive user login from those used primarily for batch/cron type access.

For the latter, cron jobs would also fail if the account password "expires". So, I generally set password expiration to Never, but also disable interactive password login. Then, sudo is configured for local "sudo -u USERID COMMAND" access only.

If you're using SSH (and it sounds like you are with scp), you could set up a passwordless public/private key relationship between the source and target hosts that would not be affected by password expiration.
dirk dierickx
Honored Contributor

Re: password expiry on linux box

Like above, I suggest using passwordless login with a published key. I don't know who or how your script is used, but hardcoding passwords all over the place is a pita.
Donny Jekels
Respected Contributor

Re: password expiry on linux box

Make the user account not to expire ever.
"Vision, is the art of seeing the invisible"
monu_1
Regular Advisor

Re: password expiry on linux box

Thanks all for support. I will go with Steve.

Disabled password expiry for normal user in the box at the time of start-up level.

chage -M -1 xyz

BR,

MKS
Tim Nelson
Honored Contributor

Re: password expiry on linux box

FYI,

You only need to execute the chage command once (no need to include it in a boot script).

In an effort to maintain some additional security, why not set up ssh keys, restrict this account to sftp only and use a batch file that does not include a visible password?
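
An added example, not part of any post in this thread: a shell check over shadow(5)-format lines that flags accounts whose password never expires yet still accepts password login, which is the state `chage -M -1` alone leaves an account in unless password login is also disabled as suggested in the replies above. The account entries printed by `sample_shadow` are constructed, and `audit_shadow` and `sample_shadow` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: classify accounts from shadow(5)-format input.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

audit_shadow() {
    # Reads shadow-format lines from stdin, or from the files given as
    # arguments (reading the real /etc/shadow requires root).
    awk -F: '
    {
        user = $1; hash = $2; max = $5
        # No maximum age: field 5 empty or -1; 99999 is the usual "never" value
        never = (max == "" || max == "-1" || max + 0 >= 99999)
        # A hash field starting with ! or * cannot match any typed password
        locked = (hash ~ /^[!*]/)
        if (never && !locked)
            state = "RISK never-expires+password-login"
        else if (never && locked)
            state = "OK never-expires+password-locked"
        else
            state = "OK max-age-" max "-days"
        print user ": " state
    }' "$@"
}

sample_shadow() {
    # Constructed sample entries; the hashes are placeholders, not real hashes.
    cat <<'EOF'
xyz:$6$constructedsalt$constructedhash:19000:0::7:::
batch:!:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:90:7:::
EOF
}

# Stand-alone run over the constructed sample
sample_shadow | audit_shadow
```

An account reported as RISK keeps one static password valid indefinitely, which is the finding an auditor would ask about; locking the password and using SSH keys moves it to the second state.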