Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ACL problems, any suggestions would be great

from [Turner, Carl H [NTK]] Network Security [Permanent Link]
Subject: RE: ACL problems, any suggestions would be great
Date: Mon, 16 Aug 2004 10:01:04 -0500 
With a shared account? Yes. You can use multiple keys in your
authorized_keys (OpenSSH). If the user has a matching private, it'll key
it. If there's no match, password will be prompted for.

As for running a single command once the user auths. (Just posted on
this) Look into the command="" option for the authorized_keys (OpenSSH)
file.


-Carl

-----Original Message-----
From: ALERT [mailto:Alert@sifycorp.com] 
Sent: Thursday, August 12, 2004 12:18 AM
To: robert.lanning@gmail.com; secureshell@securityfocus.com
Subject: Fw: ACL problems, any suggestions would be great

Can anybody help me in this matter?

Is there any way to authenticate one user through key and another user
through password?

Any suggestions?

Regds,
Pravin

----- Original Message ----- 
From: "Robert Hajime Lanning" <robert.lanning@gmail.com>
To: <secureshell@securityfocus.com>
Sent: Thursday, August 12, 2004 6:12 AM
Subject: Re: ACL problems, any suggestions would be great



For authentication you can look into:

RhostsRSAAuthentication yes
HostbasedAuthentication yes

As for restricting to execution of a single command, I don't think
OpenSSH can do it.
I think the comercial SSH from http://www.ssh.com/ can.

On Tue, 10 Aug 2004 13:57:35 -0400 (EDT), Bryan Loniewski
<brylon@jla.rutgers.edu> wrote:


Here is what we'd like to do:

User logs into some machine (frontend) starts pine, pine ssh's to

another machine

(backend) where their mail is actually stored in Maildir format and

exec
/etc/rimapd.

We want to do this without the user having to enter a password again

on
the backend

machine.

Here are the problems:

We don't want to use public-key.
We don't want these users (the ones typing pine) to be allowed to

login
to the remote

machine (backend).
We don't want them to be allowed to execute any commands on the

remote
machine (with the

exception of "exec /etc/rimapd".

I could not come up with a solution to solve this problem with

openssh.
I started looking

for other open implementations of secure shell and lsh caught my

eye.
Lsh appealed to me

because you could specify a login shell for all users that would

override the login shell

in the passwd db (this was perfect since we could then create a

shell
called rimapd and

it just executed /etc/rimapd).  The reason I could not go with this

solution is lsh

does not have trusted host authentication mechanisms, so there was

no
way to have

passwordless logins.

Any suggestions?

Thanks.

Bryan




-- 
END OF LINE
       -MCP
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Problem tunneling X11 on AIX, Sven Maier
Next by Date:  Changing user password remotely using SSH script, +ACI-Nguyen, David M+ACI-
Previous by Thread:  RE: ACL problems, any suggestions would be great, Ryan A. Krenzischek
Next by Thread:  Restrict commands for all users, Chris Jensen
Indexes:  [Date] [Thread] [Top] [All Lists]