
Re: Not allow users to change passwd



On Wed, Sep 15, 1999 at 11:23:59AM +0200, Tony Sarendal wrote:
> I have a server (yes my old crappy one) where people can log
> in only if they've sent me their public ssh key.
> 
> I want to disable their regular Unix password, and make sure
> they can't change it.
> 
> What is the best way of doing this ?

man sshd

One of the config file options is to disable normal password access.
How you get the authorized_keys file there in the first place is left
as an exercise for the reader:

       PasswordAuthentication
               Specifies whether password authentication is
               allowed.  The default is "yes".

BTW The way we run it (or will, in real life very soon) is to gather
all the authorized key files into a single directory (/etc/ssh/keys)
and use a slightly hacked version of ssh to check only there for the
public keys.

This gives >us< two benefits - (1) No home directory or shared home
directories and (2) with appropriate perms, only *we* can change the
keys or the directory, so users cannot tamper with who is allowed in
to their accounts - on the assumption that they consider their key 
important enough not to give away.

Small, untidy patch attached, and it is assumed that ssh is built
using --with-etcdir=/etc/ssh - these are *not* the standard port
settings.

Regards,
-- 
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/
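
The permission scheme described in the message above (a central key directory that only the administrators can change), as an added check that is not part of the original post or its patch: a shell function that flags a key directory or key file that is not owned by the expected account, is writable by group or other, or is not a regular file. The function names and the usage line are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a central key directory
# such as the /etc/ssh/keys described in the message.

# not_admin_only PATH OWNER   (hypothetical helper name)
# True when PATH is not owned by OWNER or is writable by group or other.
not_admin_only() {
    [ -n "$(find "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_keys_dir DIR OWNER   (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_keys_dir() {
    dir=$1
    owner=$2
    findings=0

    if [ ! -d "$dir" ]; then
        echo "MISSING DIR $dir"
        return 1
    fi

    # A writable directory lets a user replace a key file even when the
    # file itself is read-only.
    if not_admin_only "$dir" "$owner"; then
        echo "UNSAFE DIR $dir"
        findings=1
    fi

    for f in "$dir"/*; do
        # Skip the unexpanded pattern left behind by an empty directory.
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            # A symlink could point at a file the user controls.
            echo "NOT REGULAR FILE $f"
            findings=1
        elif not_admin_only "$f" "$owner"; then
            echo "UNSAFE FILE $f"
            findings=1
        fi
    done
    return "$findings"
}

# Usage on the layout from the message: audit_keys_dir /etc/ssh/keys root
```

The check covers who can change the keys; whether the daemon can still read each file depends on how the patched sshd opens it.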
Index: software/security/ssh/auth-rsa.c
diff -u software/security/ssh/auth-rsa.c:1.1.1.3 software/security/ssh/auth-rsa.c:1.2
--- software/security/ssh/auth-rsa.c:1.1.1.3	Thu Jun  3 16:54:48 1999
+++ software/security/ssh/auth-rsa.c	Thu Jun  3 17:36:02 1999
@@ -16,8 +16,11 @@
 */
 
 /*
- * $Id: auth-rsa.c,v 1.1.1.3 1999/06/03 15:54:48 peter Exp $
+ * $Id: auth-rsa.c,v 1.2 1999/06/03 16:36:02 peter Exp $
  * $Log: auth-rsa.c,v $
+ * Revision 1.2  1999/06/03 16:36:02  peter
+ * try to have a system-wide directory of key files
+ *
  * Revision 1.1.1.3  1999/06/03 15:54:48  peter
  * import
  *
@@ -254,9 +257,19 @@
       return 0;
     }
   
+#ifdef SSH_PERMITTED_KEYS_DIR
+
+#undef SSH_USER_PERMITTED_KEYS
+#define SSH_USER_PERMITTED_KEYS "authorized keys file"
+
+  /* Check permissions & owner of user's authorized keys file */
+  snprintf(line, sizeof(line),
+           "%.100s/%.100s", SSH_PERMITTED_KEYS_DIR, pw->pw_name);
+#else
   /* Check permissions & owner of user's authorized keys file */
   snprintf(line, sizeof(line),
            "%.500s/%.100s", pw->pw_dir, SSH_USER_PERMITTED_KEYS);
+#endif
 
   /* Open the file containing the authorized keys. */
   if (userfile_stat(pw->pw_uid, line, &st) < 0)
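
Review bot: The #undef / #define of SSH_USER_PERMITTED_KEYS to the string "authorized keys file" in the new #ifdef branch stays in effect for the rest of auth-rsa.c, so any later use of the macro as a path rather than as message text would silently get that phrase. A separate name for the message text would avoid redefining a path macro that ssh.h owns. The following userfile_stat(pw->pw_uid, line, &st) still runs with the user's uid, so each file under the keys directory has to be readable by that user while staying unwritable by them, and the copied comment "Check permissions & owner of user's authorized keys file" should say which owner is expected in the new branch.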
Index: software/security/ssh/ssh.h
diff -u software/security/ssh/ssh.h:1.1.1.3 software/security/ssh/ssh.h:1.3
--- software/security/ssh/ssh.h:1.1.1.3	Thu Jun  3 16:54:50 1999
+++ software/security/ssh/ssh.h	Tue Jun 22 13:02:36 1999
@@ -14,8 +14,14 @@
 */
 
 /*
- * $Id: ssh.h,v 1.1.1.3 1999/06/03 15:54:50 peter Exp $
+ * $Id: ssh.h,v 1.3 1999/06/22 12:02:36 peter Exp $
  * $Log: ssh.h,v $
+ * Revision 1.3  1999/06/22 12:02:36  peter
+ * add '/' to keys directory path
+ *
+ * Revision 1.2  1999/06/03 16:36:02  peter
+ * try to have a system-wide directory of key files
+ *
  * Revision 1.1.1.3  1999/06/03 15:54:50  peter
  * import
  *
@@ -259,6 +265,9 @@
    world-readable.  (This file is read by the daemon which is running as 
    root.) */
 #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+
+/* Directory containing per-user system-wide rsa keys, as above */
+#define	SSH_PERMITTED_KEYS_DIR	ETCDIR "/keys"
 
 /* Per-user and system-wide ssh "rc" files.  These files are executed with
    /bin/sh before starting the shell or command if they exist.  They
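
Review bot: SSH_PERMITTED_KEYS_DIR is defined unconditionally in this hunk, so the #ifdef SSH_PERMITTED_KEYS_DIR test in auth-rsa.c is always taken and the per-user .ssh/authorized_keys path can no longer be selected without editing ssh.h. Wrapping the define in a build-time switch would keep the original behaviour available. The new comment's "as above" refers to text describing a per-user file, so it should state the ownership and permissions expected of the directory and of the files in it.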