Secure Shell
Re: Unix (pam) authorization with required public key Aug 31 2010 10:17PM
?л?я Ско?ик (ilya skorik me) (2 replies)
Re: Unix (pam) authorization with required public key Sep 01 2010 07:36PM
Florian Gleixner (flo redflo de)
Re: Unix (pam) authorization with required public key Aug 31 2010 11:35PM
Robert Hajime Lanning (robert lanning gmail com) (3 replies)
ssh is not written to do that.

It authorizes on first successful authentication.

The closest thing you can do is distribute PKCS#11 compatible hardware
tokens and configure the ssh client to use the key from there.

This will implement two factor authentication.
1) the token (the key never leaves the token)
2) password authentication to the token to unlock access to use the key.

You do loose the LDAP auth in doing this.

2010/8/31 éÌØÑ óËÏÒÉË <ilya (at) skorik (dot) me [email concealed]>:
> Approximately so.
>
> A problem that people from an enterprise network have access to the
> server. And there is Windows in their network. Recently the virus has
> stolen passwords at one of managers, has entered on the one of servers
> and has download the bad software.
>
> I would like will restrict access in case of simple larceny of
> passwords by viruses, but I am not able to do it standard manner.
> Because from server side all managers come from one ip addresses. Also
> I don't want to setup authorization through a public key. Since it
> isn't compatible with ldap authorization on the server. And managers
> can come on the server without entering any passwords.
>
> All that I want is a mandatory presence of a public key and standard
> authorization with request of the password which is stored on the
> server.

--
And, did Galoka think the Ulus were too ugly to save?
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?? -Centauri

[ reply ]
Re: Unix (pam) authorization with required public key Sep 01 2010 10:20AM
Filip FÄ?fara (tazzek tasak org)
Re: Unix (pam) authorization with required public key Sep 01 2010 07:46AM
Aris Adamantiadis (aris adamantiadis belnet be)
Re: Unix (pam) authorization with required public key Sep 01 2010 01:06AM
Dan Mahoney, System Admin (danm prime gushi org)


 

Privacy Statement
Copyright 2010, SecurityFocus