Thanks Muhammad, however, I have considered the public key approach.
There are two problems:
1) I am working on a commercial system. The user should not be required
to go through all of those steps.
2) The system is embedded, so it has a limited storage size.
Muhammad Naseer Bhatti wrote:
Why don't you use keys based authentication? Please look into the following
URL for more info:
http://cfm.gs.washington.edu/security/ssh/client-pkauth/
Regards,
Muhammad Naseer
Digital Linx - We eDrive your Business
1 (214) 329-4291
-----Original Message-----
From: Greg Waltz [mailto:gwaltz@catalystcorp.com]
Sent: Tuesday, September 21, 2004 8:13 PM
To: secureshell@securityfocus.com
Subject: Replacing User Authentication Method (with version)
I am working on a system that runs sshd to allow access to a particular
application on the system. There is a shell-type application that
authenticates the user with the main application and provides the UI.
Currently, the client must send a user name when connecting via ssh (i.e.
ssh dummy@host). The user name, dummy, is a user in /etc/passwd that has no
password. The sshd_config allows empty passwords so that the user goes
directly to the shell application, which takes care of the actual user
authentication.
What I would like to do is to eliminate the dummy user and have
authentication take place via the proprietary shell application. For
example, I am already using agetty to do the same on non-network
consoles: "agetty -n -l /usr/bin/myshell -L /dev/console_device bps
term_type"
Similarly, I am also using "in.telnetd -L /usr/bin/myshell" to do the same
for telnet.
What is a good way to replace/bypass ssh's user authentication?
Is PAM the way to do something like that?
I am using Open SSH 3.8.1p1.
Thanks
--
Greg Waltz
--
Greg Waltz
