[kwlug-disc] How to ... having ssh key connected ... ask for password, logout if fail?

Khalid Baheyeldin kb at 2bits.com
Wed Oct 5 10:45:27 EDT 2016


Passphrases are a built-in feature of the ssh private key itself.

In order to change your key's passphrase, type the following command:

$ ssh-keygen -p

No need for mucking with shells, login, etc.

Just be aware that if you do add a passphrase, then batch scripts that
you wrote and that use scp, etc. will not work, since it will prompt for a
password.


On Wed, Oct 5, 2016 at 10:10 AM, B.S. <bs27975.2 at gmail.com> wrote:
> I have set up key files for ssh'ing in. key passphrases are empty. ssh
> me at mine takes me straight to a prompt. This is 'good'.
>
> (1) How to be asked for a password once connected?
>
> (i.e. key files limit external access to ssh server [no keyfile, no access]
> - but with an empty passphrase, how to know the user is authorized / the key
> didn't get copied somewhere else / someone else isn't using it?) [Ignore
> proper permissions / file restriction settings - assume root is accessing
> the file.]
>
> Really, I'd like to be asked to log in post ssh passwordless connect, and
> logged out if that fails.
>
> The beginnings of an answer appear to be to create a ~/.ssh/rc script.
> (Which runs sh, not bash, BTW.) [[ ${SSH_CONNECTION:1:11} == $local_lan ]]
> no workie.
>
> 'login' doesn't do it, won't even run - once connected, one is in a non-root
> environment. 'kill -9 $PPID' doesn't logout - only kills the shell calling
> rc.
>
> (2) How to force logout if password verification fails?
>
> See 'login' doesn't do it. Note (kubuntu 12.04) has no logout command.
> logout IS an internal bash command, but not an internal sh (dash) command -
> which is how rc gets run. 'kill -HUP `ps -ef |grep $USER|grep bash|awk
> {'print $2'}`' would do it, but also kills all local shells at the same time
> - undesirable.
>
> (3) or ... how to limit remote connections to ssh (not knowing where one
> might be, with their usb stick containing the keyfiles, that day), then
> login with password as usual?
>
>



-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple,
and wrong. -- H.L. Mencken




