0

I am looking for a way of seamless ssh in a way that when user does ssh through shell, it will be disallowed (or normal rules apply) but if a process (non-interactive) tries to ssh with the same user should be allowed without password. May be some keys generated by the root of the server for users coming with some extra inputs.

Please help.

ashji
  • 1
  • @Rilindo Hi Rilindo, I can see a similar point raised by you in one communication in 2011. Please share if you know a way for the same. ssh -i, still seem to be asking for password for me. ref link: http://serverfault.com/questions/323958/how-do-you-create-an-ssh-key-for-another-user?answertab=active#tab-top – ashji Jan 14 '13 at 05:59

1 Answers1

0

best way to do this is to have a dedicated ssh key for each process that requires access, make sure that no other user has permissions on the private keys.

Each process should have it's own key so that if any key is comprimised you only have to change one processes setup rather than each one that uses the key.

If you don't want ssh prompting for a password you can use

ssh -o "PasswordAuthentication=no" user@host

This will silently fail if no other authenication succeeds (ie public key) and no prompt will be given

peteches
  • 413
  • 3
  • 8
  • Can you please elaborate on how we can generate ssh key on process basis? Please note that there is no separate user account here. – ashji Jan 16 '13 at 15:00
  • [Ssh-keygen](http://linux.die.net/man/1/ssh-keygen) -C "comment to add to key file" -f /path/to/privatekeyfile -N "" ; this should create a private key in the file given to the -f flag with corresponding pubfile created with an appending .pub. the comment should probably be the process the key is for. The -N is the password for the private key, best to be blank for non-interactive stuff if omitted it will prompt you for it – peteches Jan 17 '13 at 02:05