Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Replacing User Authentication Method (with version)

from [Muhammad Naseer Bhatti] Network Security [Permanent Link]
Subject: RE: Replacing User Authentication Method (with version)
Date: Thu, 23 Sep 2004 13:19:36 +0500 
Why don't you use keys based authentication? Please look into the following
URL for more info:

http://cfm.gs.washington.edu/security/ssh/client-pkauth/ 

 
Regards,
 
Muhammad Naseer
 
Digital Linx - We eDrive your Business
1 (214) 329-4291

-----Original Message-----
From: Greg Waltz [mailto:gwaltz@catalystcorp.com] 
Sent: Tuesday, September 21, 2004 8:13 PM
To: secureshell@securityfocus.com
Subject: Replacing User Authentication Method (with version)

I am working on a system that runs sshd to allow access to a particular
application on the system. There is a shell-type application that
authenticates the user with the main application and provides the UI.
Currently, the client must send a user name when connecting via ssh (i.e.
ssh dummy@host). The user name, dummy, is a user in /etc/passwd that has no
password. The sshd_config allows empty passwords so that the user goes
directly to the shell application, which takes care of the actual user
authentication.

What I would like to do is to eliminate the dummy user and have
authentication take place via the proprietary shell application. For
example, I am already using agetty to do the same on non-network
consoles:  "agetty -n -l /usr/bin/myshell -L /dev/console_device bps
term_type"
Similarly, I am also using "in.telnetd -L /usr/bin/myshell" to do the same
for telnet.

What is a good way to replace/bypass ssh's user authentication?
Is PAM the way to do something like that?

I am using Open SSH 3.8.1p1.

Thanks

--
Greg Waltz
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Replacing User Authentication Method (with version), Greg Waltz
Next by Date:  Re: OpenSSH -- a way to block recurrent login failures?, Albert Lunde
Previous by Thread:  Replacing User Authentication Method (with version), Greg Waltz
Next by Thread:  Re: Replacing User Authentication Method (with version), Greg Waltz
Indexes:  [Date] [Thread] [Top] [All Lists]