| View previous topic :: View next topic |
| Author |
Message |
iarkin
n00b
Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
|
 Posted: Wed Apr 09, 2003 2:30 pm Post subject: SSH and empty passwords |
 |
|
Hello
how do i make my sshd to accept empty passwords?
I have a user called bbs-user that has no password, problem is ssh wants a password.
I''ve modified the /etc/ssh/sshd_config
PermitEmptyPasswords yes
and /etc/pam.d/sshd
| Code: | #%PAM-1.0
#auth required pam_stack.so service=system-auth
#auth required pam_shells.so
#auth required pam_nologin.so
auth required pam_unix.so shadow nodelay nullok
account required pam_stack.so service=system-auth
password required pam_unix.so shadow nullok use_authtok md5
#password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
|
but alas, ssh still asks for a pass. Any ideas?
Thanks
/iarkin |
|
| Back to top |
|
 |
compu-tom
Guru
Joined: 09 Jan 2003
Posts: 415
Location: Berlin, Germany
|
| Posted: Wed Apr 09, 2003 2:48 pm Post subject: |
|
|
Create a key pair (public key and private key) as the user:
Follow the instructions, let the pass phrase empty. Ensure the files in ~/.ssh are not readable/writable/executable by others than the user herself.
As root, configure the sshd to accept key authentication (this should be the default):
| Code: | | PubkeyAuthentication yes |
Add the user's public key to ~/.ssh/authorized_keys on the remote side (where the sshd runs).
If the file isn't there, create it. Make sure that the file permissions are set correct (see above).
That's it.  |
|
| Back to top |
|
|
iarkin
n00b
Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
|
| Posted: Wed Apr 09, 2003 3:07 pm Post subject: |
|
|
Thanks for your answer!
But doesn't that require every user that wants to use the bbs-user account to do so?
I want something done on the serverside only. So that all new bbs-users have to do is to login via ssh using bbs-user and then be at the bbsprompt.
/iarkin |
|
| Back to top |
|
|
compu-tom
Guru
Joined: 09 Jan 2003
Posts: 415
Location: Berlin, Germany
|
| Posted: Wed Apr 09, 2003 3:21 pm Post subject: |
|
|
Yes, indeed.
I don't know of a mechanism to authenticate yourself without authentication. That would be silly, wouldn't it?
You would give every user access to your machine. User A could log in as user B, if she wish.
If the objective is to have an anonymous user, give all allowed people the private key of this user in order to authenticate as the anon user. But this isn't wise, too. |
|
| Back to top |
|
|
iarkin
n00b
Joined: 04 Apr 2003
Posts: 18
Location: Left at Sirius, second star to the right
|
| Posted: Wed Apr 09, 2003 3:34 pm Post subject: |
|
|
no, i /only/ want user 'bbs-user' to be anonymous. Anything else would be madness.
The only thing the bbs-user does is to init a telnet connection to localhost so that they can access my bbs.
| Code: | /etc/passwd:
bbs-user:x:1004:65533:,,,:/:/usr/bin/telnet -l bbs -E localhost |
/iarkin |
|
| Back to top |
|
|
|
Networking & Security
