Allowing user w/out local account to log in


This is probably an easy question for you experts, but I'm not one of

We want to allow any user to remotely SSH into our server. They won't
have an account on the server. We plan on using PAM to "redirect" all
SSH requests to a particular command-line application. The username
will be passed along to this application which will verify if it's OK
to proceed.

I have a bare-bones PAM module that supports all four services; right
now it gives success to all of them. However, I see SSH failing out
when an unknown user attempts to connect, even though my PAM module's
'pam_sm_authenticate' gets called. Here's the syslog output (my
module is outputting the last line):

Apr  9 21:28:23 nemi-011 sshd[1467]: WARNING: /etc/ssh/moduli does not
exist, using fixed modulus
Apr  9 21:28:23 nemi-011 sshd[1467]: Invalid user bob from xx.xx.xx.xx
Apr  9 21:28:23 nemi-011 sshd[1467]: pam_sm_authenticate

So how would one allow a user that did not have a local account to get

Thank you.

Re: Allowing user w/out local account to log in

On 10 Apr, 22:56, wrote:

Why aren't you using multiple SSH keys for the same user account on
the server? And if you only want file sharing, not shell access, I'd
suggest using WebDAV over HTTPS instead. OpenSSH, at least, does not
have good chroot capability built in to isolate the users from the
operating system.
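
The shared-account approach suggested in the reply above, shown as an added example that is not part of the original thread: each person's key is bound to a forced command that hands their name to the application. The account name `gateway`, the path `/usr/local/bin/gate-app`, the helper `make_entry` and the key material are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: generate authorized_keys lines for ONE shared local account
# (hypothetical "gateway"), one line per remote person, so sshd never has to
# look up an unknown user. Each key is pinned to a forced command.
LC_ALL=C                           # make the [a-z] ranges below byte-exact
GATE_APP=/usr/local/bin/gate-app   # assumption: the command-line application

# make_entry NAME "PUBLIC-KEY-LINE"
# Prints one authorized_keys line; returns 1 if the input is unsafe.
make_entry() {
    name=$1
    pubkey=$2
    # NAME lands inside a quoted option, so allow only a strict character set.
    case $name in
        ''|*[!a-z0-9_-]*) echo "rejected name" >&2; return 1 ;;
    esac
    # Split the key line into type, blob, comment without glob expansion.
    set -f
    set -- $pubkey
    set +f
    case $1 in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected key type" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected key blob" >&2; return 1 ;;
    esac
    # "restrict" turns off forwarding, PTY allocation and ~/.ssh/rc; append
    # ",pty" after it if the application needs an interactive terminal.
    # The caller-supplied key comment is dropped and replaced by NAME.
    printf 'restrict,command="%s %s" %s %s %s\n' "$GATE_APP" "$name" "$1" "$2" "$name"
}

# Constructed sample keys (not real key material).
make_entry bob   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBlobBob bob@laptop"
make_entry alice "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBlobAlice alice@desk"
```

The output is what would go into the shared account's `~/.ssh/authorized_keys`; whatever command the client asked for is ignored by sshd and is only visible to the application in `SSH_ORIGINAL_COMMAND`.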

Re: Allowing user w/out local account to log in


Valid points, I'm sure. However, I'd just like to find out what SSH is
really doing WRT checking out the client, and can I disable that check
somehow. I want to let everything pass on to the application.
