Can anybody help me in this matter?
Is there any way to authenticate one user through key and another user
through password?
Any suggestions?
Regds,
Pravin
----- Original Message -----
From: "Robert Hajime Lanning" <robert.lanning@gmail.com>
To: <secureshell@securityfocus.com>
Sent: Thursday, August 12, 2004 6:12 AM
Subject: Re: ACL problems, any suggestions would be great
For authentication you can look into:
RhostsRSAAuthentication yes
HostbasedAuthentication yes
As for restricting to execution of a single command, I don't think
OpenSSH can do it.
I think the comercial SSH from http://www.ssh.com/ can.
On Tue, 10 Aug 2004 13:57:35 -0400 (EDT), Bryan Loniewski
<brylon@jla.rutgers.edu> wrote:
Here is what we'd like to do:
User logs into some machine (frontend) starts pine, pine ssh's to
another machine
(backend) where their mail is actually stored in Maildir format and exec
/etc/rimapd.
We want to do this without the user having to enter a password again on
the backend
machine.
Here are the problems:
We don't want to use public-key.
We don't want these users (the ones typing pine) to be allowed to login
to the remote
machine (backend).
We don't want them to be allowed to execute any commands on the remote
machine (with the
exception of "exec /etc/rimapd".
I could not come up with a solution to solve this problem with openssh.
I started looking
for other open implementations of secure shell and lsh caught my eye.
Lsh appealed to me
because you could specify a login shell for all users that would
override the login shell
in the passwd db (this was perfect since we could then create a shell
called rimapd and
it just executed /etc/rimapd). The reason I could not go with this
solution is lsh
does not have trusted host authentication mechanisms, so there was no
way to have
passwordless logins.
Any suggestions?
Thanks.
Bryan
--
END OF LINE
-MCP
