SSH certificate authentication for the user without home directory

solarissshunix

I have access to Solaris box over ssh and can login with username and password. I want to write a script which would copy files from that box unattended (scp/sftp from cron). Usually in such case I set up certificate authentication w/o password, but the problem is that my account on that box doesn't have home directory. I don't have a root access and can't change sshd config. Is there any way I can set up certificate authentication in such case? In other words, is there a way to let sshd to use public from location other than ~/.ssh/authrorized_keys?

Alternatively, if the above is not possible, is there other way to set up scp/sftp to run without user input with password based authentication?

Best Answer

No, unless the Solaris box in question have been setup in a rather exotic/strange way there are no way for you to specify a public key to use.

Assuming we are talking about the usual scp client, which is part of OpenSSH, it in itself won't accept a password non-interactively.

One solution might be to write your own scp "client". That is, put something together in your favorite scripting language, using a suitable module/library, allowing the password to be inserted non-interactively.

Related Solutions

Linux – Is it possible to prevent SCP while still allowing SSH access

While you could edit your /etc/ssh/sshd_config to look something like this:

ForceCommand           /bin/sh
PermitOpen             0.0.0.0
AllowTcpForwarding     no
PermitTunnel           no
# Subsystem sftp       /usr/lib/openssh/sftp-server
PermitUserEnvironment  no

I would instead determine what the user is likely to use it for. Because if there are only a few commands that you want them to have access to, I would instead remove the ability for them to even invoke a normal ssh shell.

AllowUsers             root
PermitRootLogin        forced-commands-only

PermitUserEnvironment  no

AllowTcpForwarding     no
PermitTunnel           no

# Subsystem sftp       /usr/lib/openssh/sftp-server
Subsystem smb-reload   /usr/bin/smbcontrol smbd reload-config
Subsystem status       /opt/local/bin/status.sh

ssh root@example -s smb-reload

If you find that you really do need to be able to run a normal shell, the most you really can hope for, is to slow them down, and make it more difficult.

Password for SSH and SCP – How to Set Up

Use a key file. Place the private keyfile on your client and use ssh-agent to keep the key file loaded in memory, decrypted. Place the public key file on each of the systems you want to access.

Use authentication forwarding to create connections between various hosts without being prompted for authentication.

Best Answer

Related Solutions

Linux – Is it possible to prevent SCP while still allowing SSH access

Password for SSH and SCP – How to Set Up

Related Topic