[kwlug-disc] How to ... having ssh key connected ... ask for password, logout if fail?

Digimer lists at alteeve.ca
Wed Oct 5 10:50:47 EDT 2016


You can still write scripts to fill in passwords with 'expect'.

On 05/10/16 10:45 AM, Khalid Baheyeldin wrote:
> Passphrases are a built-in feature of the ssh private key itself.
> 
> In order to change your key's passphrase, type the following command:
> 
> $ ssh-keygen -p
> 
> No need for mucking with shells, login, ...etc.
> 
> Just be aware that if you do add a passphrase, then batch scripts that
> you wrote and use scp ...etc. will not work since it will prompt for a
> password.
> 
> 
> On Wed, Oct 5, 2016 at 10:10 AM, B.S. <bs27975.2 at gmail.com> wrote:
>> I have set up key files for ssh'ing in. Key passphrases are empty. ssh
>> me at mine takes me straight to a prompt. This is 'good'.
>>
>> (1) How to be asked for a password once connected?
>>
>> (i.e. key files limit external access to ssh server [no keyfile, no access]
>> - but with an empty passphrase, how to know the user is authorized / the key
>> didn't get copied somewhere else / someone else isn't using it?) [Ignore
>> proper permissions / file restriction settings - assume root is accessing
>> the file.]
>>
>> Really, I'd like to be asked to log in post ssh passwordless connect, and
>> logged out if that fails.
>>
>> The beginnings of an answer appear to be to create a ~/.ssh/rc script.
>> (Which runs sh, not bash, BTW.) [[ ${SSH_CONNECTION:1:11} == $local_lan ]]
>> no workie.
>>
>> 'login' doesn't do it, won't even run - once connected, one is in a non-root
>> environment. 'kill -9 $PPID' doesn't logout - only kills the shell calling
>> rc.
>>
>> (2) How to force logout if password verification fails?
>>
>> See 'login' doesn't do it. Note (kubuntu 12.04) has no logout command.
>> logout IS an internal bash command, but not an internal sh (dash) command -
>> which is how rc gets run. 'kill -HUP `ps -ef |grep $USER|grep bash|awk
>> {'print $2'}`' would do it, but also kills all local shells at the same time
>> - undesirable.
>>
>> (3) or ... how to limit remote connections to ssh (not knowing where one
>> might be, with their usb stick containing the keyfiles, that day), then
>> login with password as usual?

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?
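
Added example, not part of the original thread: a POSIX sh sketch of the point made in the quoted reply, that the passphrase lives in the private key file itself. It reports whether a key is stored without a passphrase, then sets one with the non-interactive form of ssh-keygen -p. Assumptions: OpenSSH's ssh-keygen with ed25519 support is installed; the helper names key_is_protected, describe and demo, the throwaway key and the passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a private key for an empty passphrase, then set one.

# key_is_protected FILE (hypothetical helper)
#   returns 0 if the key needs a passphrase, 1 if it is stored unencrypted,
#   2 if the file cannot be read. 'ssh-keygen -y' derives the public key; with
#   -P "" that only succeeds when the private key has no passphrase.
key_is_protected() {
    [ -r "$1" ] || return 2
    if ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# describe FILE: print "protected", "unprotected" or "unreadable".
describe() {
    rc=0
    key_is_protected "$1" || rc=$?
    case $rc in
        0) echo protected ;;
        1) echo unprotected ;;
        *) echo unreadable ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    key="$dir/id_demo"   # throwaway key, constructed for this demo
    # The thread's starting point: a key created with an empty passphrase.
    ssh-keygen -q -t ed25519 -N "" -C demo -f "$key" || return 1
    before=$(describe "$key")
    # Scripted form of 'ssh-keygen -p' (-P old, -N new). Demo only: on a real
    # key run 'ssh-keygen -p' interactively so the passphrase never appears
    # in the process list or shell history.
    ssh-keygen -q -p -P "" -N "constructed-demo-passphrase" -f "$key" \
        >/dev/null || return 1
    after=$(describe "$key")
    missing=$(describe "$dir/no-such-key")
    rm -rf "$dir"
    echo "before=$before after=$after missing=$missing"
}

demo
```

A key file whose permissions are too open is rejected by ssh-keygen before decryption, so it is reported as protected; check the file mode separately when auditing.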




