Keys

Linux Authentication Systems - Linux Geek Net. /etc/passwd On almost all linux distributions (and commercial *nixes as well), user information is stored in /etc/passwd, a text file which contains the user's login, their encrypted password, a unique numerical user id (called the uid), a numerical group id (called the gid), an optional comment field (usually containing such items as their real name, phone number, etc.), their home directory, and their preferred shell. A typical entry in /etc/passwd looks something like this: bozo:x:1000:1000:Bozo the Clown:/home/bozo:/bin/bash What follows is a discussion of various authentication and authorization methods. Traditionally user authentication is programmed directly into applications. PAM is built into many Linux distributions, including Caldera 1.3, 2.2 and later; Debian 2.2 and later; Turbo Linux 3.6 and later; Red Hat 5.0 and later; and SuSE 6.2 (partial support).

Linux as a server can provide several different services (e.g., web, ftp with areas restricted by password control). Auth. SSH and ssh-agent. No one likes typing passwords. If people had their way, computers would simply know who they were and what they should have access to without us proving it at every turn.[1] In my last article I showed you how to create SSH Identities/Pubkeys, which can be used as an alternative to password authentication. However, I then went right back and told you to passphrase protect them, so now you were substituting one password for another, seemingly gaining nothing.

This week we have the payoff. We'll take the Identity/Pubkey trust we created last time, and learn how to use the ssh-agent program as our keymaster. Starting up the Agent To start up the agent you can simply run it on the command line:

    $ ssh-agent
    SSH_AUTH_SOCK=/tmp/ssh-OqdW7921/agent.7921; export SSH_AUTH_SOCK;
    SSH_AGENT_PID=7922; export SSH_AGENT_PID;
    echo Agent pid 7922;

When the agent starts, it writes some information to your screen that you can use to set up your shell's environment variables. Putting keys into the agent. An Illustrated Guide to SSH Agent Forwarding.

The Secure Shell is widely used to provide secure access to remote systems, and everybody who uses it is familiar with routine password access. This is the easiest to set up, is available by default, but suffers from a number of limitations. These include both security and usability issues, and we hope to cover them here. In this paper, we'll present the various forms of authentication available to the Secure Shell user and contrast the security and usability tradeoffs of each. Then we'll add the extra functionality of agent key forwarding, and we hope to make the case that using ssh public key access is a substantial win.

Note - This is not a tutorial on setup or configuration of Secure Shell, but is an overview of technology which underlies this system. SSH supports access with a username and password, and this is little more than an encrypted telnet. We'll note that this exchange, and all others in this paper, assume that an initial exchange of host keys has been completed successfully. IUCS CSG FAQ - How do I set up my UNIX account for OpenSSH usage? HOWTO: set up ssh keys. Now this is all well and good, but who wants to run their whole life from a single bash instance? If you use an X window system, you can type your passphrase once when you fire up X and all subprocesses will have your keys stored. Make yourself another key: ssh-keygen -t dsa -f ~/.ssh/whoisit Just press return when it asks you to assign it a passphrase - this will make a key with no passphrase required.

Sshdfilter V1.4.2 ssh brute force attack blocker.