Secure Shell
Re: Unix (pam) authorization with required public key Sep 01 2010 10:20AM
Filip Fąfara (tazzek tasak org)


A possible workaround is to use an SSH key which "forces" a command of "sudo /bin/login".
By doing so, one would first authenticate with the SSH key (without password), and then need to authenticate through the "regular" PAM stack (password from LDAP).
I haven't tried the configuration myself, but it's worth a shot.

Best regards,
Filip Fafara

On 01.09.2010 01:35, Robert Hajime Lanning wrote:
> ssh is not written to do that.
>
> It authorizes on first successful authentication.
>
> The closest thing you can do is distribute PKCS#11 compatible hardware
> tokens and configure the ssh client to use the key from there.
>
> This will implement two factor authentication.
> 1) the token (the key never leaves the token)
> 2) password authentication to the token to unlock access to use the key.
>
> You do lose the LDAP auth in doing this.
>
> 2010/8/31 Илья Скорик <ilya (at) skorik (dot) me>:
>> Approximately so.
>>
>> The problem is that people from an enterprise network have access to
>> the server. And there is Windows in their network. Recently a virus
>> stole the passwords of one of the managers, got onto one of the servers
>> and downloaded bad software.
>>
>> I would like to restrict access in case of simple theft of passwords
>> by viruses, but I am not able to do it in a standard manner, because
>> from the server side all managers come from one IP address. Also, I
>> don't want to set up authorization through a public key, since it
>> isn't compatible with LDAP authorization on the server. And managers
>> can get onto the server without entering any passwords.
>>
>> All that I want is the mandatory presence of a public key and standard
>> authorization with a request for the password which is stored on the
>> server.
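
An added example, not part of the original message: a small Python audit of an authorized_keys file for the forced-command workaround described above. It flags keys that lack command="sudo /bin/login" (the key alone would then grant access) and keys that leave port forwarding enabled, which sshd does not gate behind a forced command. The sample file, its key strings and the function names are constructed for illustration.

```python
import re

EXPECTED = "sudo /bin/login"   # forced command proposed in the message above
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# One option: a bare name, or name="value" where the value may hold \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def split_options(line):
    """Split a line into (options, key part) at the first unquoted blank."""
    if line.startswith(KEY_TYPES):
        return "", line                      # no options field at all
    in_quote, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quote:
            i += 1                           # skip the escaped character
        elif line[i] == '"':
            in_quote = not in_quote
        elif line[i] in " \t" and not in_quote:
            break
        i += 1
    return line[:i], line[i:].strip()

def audit(text):
    """Return (line number, problem) pairs for keys that skip the password step."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _key = split_options(line)
        parsed = {m.group(1).lower(): (m.group(2) or "").replace('\\"', '"')
                  for m in OPTION.finditer(opts)}
        if parsed.get("command") != EXPECTED:
            findings.append((n, "missing-forced-login"))
        elif not (parsed.keys() & {"restrict", "no-port-forwarding"}):
            findings.append((n, "forwarding-allowed"))
    return findings

# Constructed sample file (placeholder key strings, not real keys).
SAMPLE = '''\
# managers
command="sudo /bin/login",no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3EXAMPLE1 alice
ssh-rsa AAAAB3EXAMPLE2 bob
from="10.0.0.0/8",command="sudo /bin/login" ssh-rsa AAAAB3EXAMPLE3 carol
command="/bin/sh -c \\"sudo /bin/login\\"" ssh-ed25519 AAAAC3EXAMPLE4 dave
'''

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

The check is only meaningful when users cannot edit the audited file themselves; where that file lives and who owns it are outside what the thread specifies.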

Copyright 2010, SecurityFocus