Ubuntu Security :: Resolving An Account Password With Pam-script When Using Passwordless SSH? Possible?
Oct 6, 2010
I'm trying to configure a process triggered by an SVN post-commit hook which will log into a different host and carry out an SVN update on a file path on that host before exiting. An earlier attempt mounted the remote filepath on the SVN host using sshfs and performed the update locally. This worked but it was incredibly slow (minutes to complete an SVN update).
So, Plan B was to set-up a passwordless login for the user the script runs as and then use pam-script to script a checkout from a repository using the same credentials. The problem is, passwordless SSH login using private/public keys appears to bypass the PAM authentication system or at least interact with it in a way that no environment variables (including the SSH user's name and pass) are resolved by the authentication script being used by pam-script.
I've tested the pam-script behaviour for normal log-ins and it exposes these variables fine. This leaves me in a Catch-22 with trying to script access on one host to perform actions on another while avoiding user/pass prompts or the need to store plaintext passwords on the remote host.
Anyone know if there's a way to resolve a user account password via PAM when using passwordless SSH or, another approach I could take to perform scripted tasks on the remote system requiring authentication? Ideally without storing the passwords on the remote system (at least in unencrypted form).
View 1 Replies
ADVERTISEMENT
Dec 27, 2010
i use ubuntu 10.04, is there a way to set two passwords for 1 user account
View 2 Replies
View Related
Mar 10, 2010
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific...Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors...I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password...When you change your session password, shouldn't it automatically change the encyrption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
View 4 Replies
View Related
Nov 12, 2010
I remember my password very well and have no need of password recovery. Everywhere I look it's how to recover and I don't want that. The kind where you boot into root recovery console to change the password.
View 4 Replies
View Related
Feb 15, 2011
I suppose that my main Linux user account password serves as my SSH password as well. Is there a way I can modify this? As it turns out, I'd like to have a REALLY secure SSH password for obvious reasons, but a less secure local password, as it makes typing in passwords a heck of a lot easier on a machine. Is there a way I can change my account password in SSH without changing my Linux user password?
View 2 Replies
View Related
Jul 8, 2010
I installed IPlist earlier today on my main/admin account (which I only use for installing programs. I don't use this account daily.) and everything was fine. When I logged into my every day account and tried to load the program, it prompted me for my password. When I entered it, I got this message:Quote:Failed to run /usr/sbin/ipblock start_gui as user root.The underlying authorization mechanism (sudo)t allow you to run this program. Contact the system administrator.Does this mean I am not able to use this program on this account, or is there a way around it? I'm new to Ubuntu so forgive me if I'm asking the obvious. I looked around and couldn't find an answer. I really don't want to use my admin account for daily activities, but I also really want to be able to use IPlist
View 2 Replies
View Related
Sep 8, 2010
I can't get this to work on my machines.
So far I have:
1. created a key with ssh-keygen on the server to be logged in to
2. copied the .pub key to my local machine
3. chmod 700 ~/.ssh on both machines
4. chomd 600 ~/.ssh/ic_rsa on the server, and on known_hosts on my local machine
5. added the .pub key to ~/known_hosts on my local machine
my local machine doesn't have an "authorized_keys" file which is what everything is telling me I should append my .pub key to. The only thing that was in my .ssh folder was known_hosts, so I tried that. I also tried making an authorized_hosts file to no avail, changing permissions appropriatly on all files.
Should I/Can I reset ssh in some way? Is there are reason I don't have an authorized_keys file or is my known_hosts file my authorized_keys file?
Would it be better just to uninstall/reinstall ssh?
View 2 Replies
View Related
Jan 19, 2010
whether iptables logs can be set to automatically resolve IP addresses? I am running the firewall on a network with DDNS/DHCP, and this ability would really help quickly identify hosts with suspect traffic.Failing this, I guess the simplest solution will be to simply set static addresses!
View 1 Replies
View Related
Dec 18, 2010
i changed my account password but now when i log in a keychain manager pops up and asks for the old password to join wifi.
how can i update the keychain password to match the account password?
View 5 Replies
View Related
Jun 14, 2011
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
View 4 Replies
View Related
Apr 16, 2010
After today's sudo upgrade on Karmic amd64, I am able to login only as root on my xubuntu system. Tried to change password on my user account but the result is the same.
View 3 Replies
View Related
Sep 14, 2010
I enter guest session and try to install an app. I am asked for a password, I try with mine (for my account) but it seems to be incorrect(logical). Well how can I find the password for the guest account???
View 3 Replies
View Related
Oct 22, 2010
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
View 7 Replies
View Related
Oct 21, 2010
I created email account with commands "adduser -s /sbin/nologin test; passwd test";Is there any way to grant permission to user "test" to change his password by himself? My system is CentOS 4.4.
View 2 Replies
View Related
Jan 13, 2010
How can I force passwd to use a simple password?I want to change my passwd & delete passwd history (if stored).I plan on creating a Virtual Appliance that uses another password besides my testing password.
View 5 Replies
View Related
Jan 18, 2011
Is there any way we can create user account without password in Fedora 14.
View 5 Replies
View Related
Mar 13, 2011
just started using Debian today and I would like to know how can I disable the user acount password, I am the only user on this computer so I would like it to boot strait into my account.
View 3 Replies
View Related
Aug 2, 2011
I'm still fairly new to Suse(and Linux) I have an account on my system that is locked when i run passwd -S accountname i get 'accountname lk' as the response. However when i try to unlock it using passwd -u accountname i get 'Cannot unlock the password for accountname!'.Any ideas on why i can't unlock the account?
View 2 Replies
View Related
Jul 7, 2009
I first started using Ubuntu and I liked the sudo facility because I didn't need to remember two passwords, so when I installed Debian I wrote the same password for the limited and the root account. Is this very bad for security? I mean can a program started from my regular account immediately become root or something?
View 9 Replies
View Related
Dec 3, 2008
I want to know how to change a password to an user account. Can someone give me the syntax on how to do this? I was using usermod but it's not working (usermod -p 123456 user1). Is there other way beside usermod? I am using RHEL5.
View 3 Replies
View Related
Dec 21, 2010
I have my correct root password, I can login successfully in terminal on "su" with the same password.
But using the same password, when I open up fedora and try to login on login screen with:
uid: root
password: password
I could not login, why?
View 6 Replies
View Related
May 5, 2009
I'm running 5.2, mostly updated. I've got a user account that is really only used by some clients (Polycom phones) to log into vsftpd. Once every few days or so, the password on the account changes to something other than what I've specified, and I can't figure out why. The other user accounts on the system don't seem to be affected, though none of the other accounts are used by/for vsftpd.
chage shows that the account password should never expire, so I don't think that's what's happening. I'm wondering if VSFTPD is just not playing nicely with PAM. Is there a way to explicitly prevent vsftp from changing a user password? I can't seem to find anything like this.I'm not sure if this makes any difference, but the system is clustered using heartbeat/drbd. The users are unique to each of the nodes in the cluster, though, so I don't think this should really have any effect.
View 1 Replies
View Related
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
Oct 1, 2010
I have a database created by an older program (not Access) that I need to open and retrieve information for my business. The manufacturer put a password on there so that only it's program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
View 1 Replies
View Related
Mar 26, 2010
Is there a way to login to an account with only the root password? Because I really need it the first unlock the computer next to me and second because I just want to know.
View 9 Replies
View Related
Feb 24, 2011
what is default login and password for open suse?
View 1 Replies
View Related
Sep 6, 2010
Basically in addition to the first installation account on my system (my account) ive also set up another user alongside my own. Its not a admin account but 'desktop user' account but in the group id section this account comes as '1001'-what does this 1001 mean? Furthermore are there any risks i should know about arising from setting up another account on my pc?
View 9 Replies
View Related
Mar 12, 2011
I started up my computer and suddenly, I saw that there was a new user account. I didn't create it and no one else uses my computer (let alone has access to user account creations). It was called dtc. It didn't seem to have any privileges and the only file in its home folder was called Examples. Should I worry that I might have some kind of malware? I deleted the user and the folder (and it came back after a while). It's main group is dtcgrp. The User ID is 1004.
View 2 Replies
View Related
Apr 12, 2016
I have lost my password for my root and for my user account.
Code: Select alluser@debian:~$ su
Password:
su: Authentication failure
user@debian:~$ su
Password:
su: Authentication failure
user@debian:~$ su
I have just installed a gust debian 8 on debian 8 host in virtualbox, and when i wonted too login as su/root on the host there where no login possible, is there a way to regain the root password for the host?
View 2 Replies
View Related
Nov 23, 2009
Trying to set up my Yahoo account on KMail. After entering all the correct (as far as I know) server settings, ports, etc. and trying to check my mail from KMail, I get the following message.
Could not login to pop.mail.yahoo.com. The password may be wrong.
The server said: "[SYS/PERM] pop not allowed for user."
The password is definitely right. What is going on?
View 4 Replies
View Related
