Re: Unix (pam) authorization with required public key

A possible workaround is to use an SSH key which "forces" a command of "sudo /bin/login". 
By doing so, one would first authenticate with the SSH key (without password), and then need to authenticate through the "regular" PAM stack (password from LDAP).
I haven't tried the configuration myself, but it's worth a shot.

Best regards,
Filip Fafara


On 01.09.2010 01:35, Robert Hajime Lanning wrote:
> ssh is not written to do that.
>
> It authorizes on first successful authentication.
>
> The closest thing you can do is distribute PKCS#11 compatible hardware
> tokens and configure the ssh client to use the key from there.
>
> This will implement two factor authentication.
> 1) the token (the key never leaves the token)
> 2) password authentication to the token to unlock access to use the key.
>
> You do lose the LDAP auth in doing this.
>
> 2010/8/31 Илья Скорик <ilya@xxxxxxxxx>:
>> Approximately so.
>>
>> The problem is that people from an enterprise network have access to
>> the server, and there is Windows in their network. Recently a virus
>> stole the passwords of one of the managers, got into one of the
>> servers and downloaded bad software.
>>
>> I would like to restrict access in case of simple theft of
>> passwords by viruses, but I am not able to do it in the standard way,
>> because from the server side all managers come from one IP address.
>> Also, I don't want to set up authorization through a public key, since
>> it isn't compatible with LDAP authorization on the server, and managers
>> can log in to the server without entering any passwords.
>>
>> All that I want is the mandatory presence of a public key and standard
>> authorization with a request for the password which is stored on the
>> server.
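
An added example, not part of the original thread: a check for the forced-command workaround suggested in the message at the top. It reports every key in an `authorized_keys` file that does not carry `command="sudo /bin/login"`, since such a key would log in without the password step. The sample file, its placeholder keys and the function names are this example's own.

```python
import re

REQUIRED = "sudo /bin/login"   # forced command proposed in the message above
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)\S+$")
# One option: runs of non-comma/non-quote characters or whole quoted strings.
OPTION = re.compile(r'(?:[^,"]|"(?:\\"|[^"])*")+')

def option_field(line):
    """Return the leading options field of a key line, '' if there is none."""
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2              # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            break               # first unquoted blank ends the field
        i += 1
    field = line[:i]
    return "" if KEY_TYPE.match(field) else field

def forced_command(options):
    """Return the command="..." value from an options field, or None."""
    for opt in OPTION.findall(options):
        name, _, value = opt.partition("=")
        if name.lower() == "command":
            return value[1:-1].replace('\\"', '"')
    return None

def audit(text):
    """Return [(line_number, problem)] for keys that skip the password step."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cmd = forced_command(option_field(line))
        if cmd is None:
            findings.append((n, "no forced command"))
        elif cmd != REQUIRED:
            findings.append((n, "forced command is %r" % cmd))
    return findings

SAMPLE = """\
# constructed sample, keys are placeholders
command="sudo /bin/login" ssh-rsa AAAAexample1 manager1
ssh-rsa AAAAexample2 manager2
command="/bin/sh",no-port-forwarding ssh-ed25519 AAAAexample3 manager3
no-port-forwarding,command="sudo /bin/login" ssh-rsa AAAAexample4 manager4
"""

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print("line %d: %s" % (n, problem))
```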


