mozingod n00b
Joined: 15 Jun 2003 Posts: 64 Location: Ohio
Posted: Tue Dec 09, 2003 10:06 pm Post subject: SSH and user rights questions
Ok, two quick questions...
1) How can I get ssh to ignore the whole "Are you sure you want to continue connecting?" question and either always add the server to the list of known hosts, or just not ask the question and always connect to the host?
2) How could I give a normal user rights to bind a socket to an interface?
The point of these questions is for my Nagios server. I need the nagios user to be able to run a check_dhcp plugin and bind to the eth0.20 interface (one of the trunked connections coming to the machine), and be able to ssh into servers on the network to execute other plugins. Any help on these questions would be much appreciated. Thanks!
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
Posted: Tue Dec 09, 2003 11:10 pm
1. I think the option 'CheckHostIp' in /etc/ssh/ssh_config (or ~/.ssh/config) can be used to achieve this. Might be worth experimenting to find out.
2. Any user can bind a socket to an interface, provided the port number is greater than 1023. Only root can bind sockets to ports below 1024.
You run the ssh daemon on high, unprivileged ports with -p port.
Hope this helps? Sorry if I misunderstood what you're trying to do - I'm not 100% sure I know what you're trying to achieve.
mozingod n00b
Joined: 15 Jun 2003 Posts: 64 Location: Ohio
Posted: Wed Dec 10, 2003 1:12 am
I'll check on the first answer tomorrow, thanks.
About the socket binding, it's below 1023 (DHCP port, forget what it is offhand). As I said, I'm doing it for Nagios since it runs as a normal user and a plugin to check for DHCP broadcasts needs to bind to the DHCP port to check. Any way to achieve this?
mozingod n00b
Joined: 15 Jun 2003 Posts: 64 Location: Ohio
Posted: Wed Dec 10, 2003 1:25 pm
Cool, in the /etc/ssh/ssh_config file I changed
Code:
# StrictHostKeyChecking ask
to
Code:
StrictHostKeyChecking no
and now it just adds the host to the known hosts list without asking. Thanks for the suggestion.
Anyone else know about the socket binding problem?
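An added example, not part of the original thread or of OpenSSH: a Python check that resolves which `StrictHostKeyChecking` value applies to a given host, showing that the global edit above covers every host and shadows any stricter `Host` block placed after it. Assumptions: the host names, the `UserKnownHostsFile` path and both sample configs are constructed, `fnmatch` stands in for ssh's pattern matching, and `Match` blocks are skipped rather than evaluated.

```python
import fnmatch
import re

DIRECTIVE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)$")
DISABLED = {"no", "off"}  # values ssh_config(5) lists as disabling the check

def directives(text):
    """Yield (lineno, host_patterns, keyword, value); '#' lines never match."""
    patterns = ["*"]  # directives before the first Host line apply to all hosts
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = DIRECTIVE.match(raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = []  # simplification: Match blocks are not evaluated
        else:
            yield lineno, patterns, key, value

def applies(patterns, host):
    """A Host block applies if a positive pattern matches and no '!' pattern does."""
    verdicts = [(p.startswith("!"), fnmatch.fnmatchcase(host, p.lstrip("!"))) for p in patterns]
    return (False, True) in verdicts and (True, True) not in verdicts

def effective(text, host, keyword="stricthostkeychecking"):
    """First matching (lineno, value) for host, or None; ssh keeps the first value."""
    hits = ((n, v.lower()) for n, pats, k, v in directives(text)
            if k == keyword and applies(pats, host))
    return next(hits, None)

def unverified_hosts(text, hosts):
    """Hosts whose connections would proceed without host key verification."""
    return [h for h in hosts if (effective(text, h) or (0, ""))[1] in DISABLED]

# Constructed sample: the thread's global edit, then a stricter block that never wins.
GLOBAL_EDIT = """\
# StrictHostKeyChecking ask
StrictHostKeyChecking no
Host *.example.net
    StrictHostKeyChecking yes
"""
# Constructed alternative: keys pre-loaded into a known_hosts file (hypothetical path).
PINNED = """\
Host mon-*.lan.example
    UserKnownHostsFile /etc/nagios/ssh_known_hosts
    StrictHostKeyChecking yes
"""
```

With keys already present in the file named by `UserKnownHostsFile`, `StrictHostKeyChecking yes` connects without a prompt and refuses a host whose key is missing or has changed.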
mozingod n00b
Joined: 15 Jun 2003 Posts: 64 Location: Ohio
Posted: Thu Dec 11, 2003 2:00 pm
*bump* Is it possible to let normal users bind to a port less than 1023?
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
Posted: Thu Dec 11, 2003 6:58 pm
To quote myself, I wrote: "Only root can bind sockets to ports below 1024."
I think I've already answered that. The kernel will only allow uid 0 (root) to bind sockets to ports in the 'privileged' range (hence the name). There may well be some kernel driver around that changes this behaviour, but I wouldn't know of one.
You might want to look at the 'sudo' command - it allows normal users to run programs as root. You can restrict it to certain applications, which might do what you want.