Password less
We have request where we need to user with password less login but when same can SSH.
Responses
Hi Hermant,
You have a user logging without a password on the console and want to have the same for SSH?
In sshd_config there is an option:
"""
PermitEmptyPasswords
When password authentication is allowed, it specifies whether the server allows
login to accounts with empty password strings. The default is "no".
"""
but this is a BAD idea from this perspective.
Why not explore setting up a ssh key for your user(s)? You can set it up on the first time and from there on at least you can track their activity.
Hope this helps,
PS: this is something like a free-for-all area, better open a support case if you are on a tight schedule to have it completed.
Marius
Hello Hermant, I'll add to Marius' reply
The following will setup keys on server1 to allow you to ssh to server 2 without a password. (it will overwrite any existing keys)
[user@server1 ~] $ echo | ssh-keygen -t rsa -b 2048 -N ''
[user@server1 ~] $ ssh-copy-id server2
<you will need to manually enter password here>
[user@server1 ~] $ ssh server2
NOTE: ssh key files and directories are generally very strict when it comes to file permissions (as well as SElinux). If you run in to issues, be sure to check your permissions. The commands above will create the following on server1
~/.ssh
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
It will then create the following on server2
~/.ssh/authorized_keys
Hermant, I have seen ssh keys not work if a user's permissions for their drive are more open than 755 (home drives typically ought to be 700). I've seen where a user had their home drive set to 777 (that is a bad practice if it exists) and their ssh keys would not work until their home drive was at minimum 755 (I'd recommend 700 because it is their home drive and no one else's).
- The .ssh directory permissions can cause consternation (I've seen in some environments) if they are too wide open This documentation at Red Hat recommends 700 for the .ssh directory, and 600 for ~/.ssh/authorized_keys
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
