Fedora Linux Support Community & Resources Center

  #1  
Old 8th February 2006, 10:22 AM
deanhiller Offline
Registered User
 
Join Date: Feb 2006
Posts: 7
useradd, but not set password

What happens in Linux if I run the useradd command but never set the password, i.e. I don't specify it when adding the user and don't run the passwd command to add it? Is the password disabled then, such that it cannot be used to ssh in to the box? This is exactly what I want, but I would like to know if this is true.

Also, still waiting on that other post. Is there no way to send mail if someone tries to log in to ssh and uses the wrong user and/or password?

thanks,
dean
  #2  
Old 9th February 2006, 03:58 AM
reddazz Offline
Registered User
 
Join Date: May 2005
Location: N.W. England
Age: 35
Posts: 71
If you don't set a password, then the user won't be able to log in to the system. If you want to use ssh without entering your password, there are articles on the net that show how to do this. Just search for "ssh+no+password".
  #3  
Old 9th February 2006, 04:04 AM
Firewing1 Offline
Registered User
 
Join Date: Dec 2004
Location: Canada
Age: 23
Posts: 9,224
If you want to set a default password for them, then type
Code:
su -
passwd user
Enjoy.
BTW, personally I like to set their default passwd to their real name (not Unix username) but make it leet, e.g. "d34nh1113r". Hard to crack by brute force.
Firewing1
__________________
[+] My open source software and blog
[+] Some of my howtos: (for full list, click here)
  #4  
Old 9th February 2006, 10:11 AM
deanhiller Offline
Registered User
 
Join Date: Feb 2006
Posts: 7
I can log in still

reddazz, are you 100% sure????? I have not set the password for the user and can still log in with that user name using a certificate and no password, since ssh skips the password prompt step when using client certificates. If I don't set the user password, does this mean there is not a password at all for the user on Linux?

Firewing, thanks for the info. I actually know how to set the password. Thanks for the info though.

Lastly, I want a computer where every user except one user can only use certificates. All the info on the internet points to forcing all users to use certificates. I want to do all users except one user.

thanks for the info guys,
dean
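
Added example, not part of any post in this thread: a shell function that reads shadow(5)-format lines and reports what each account's password field means, which is the state the question above is about. The account names and hashes are constructed, the function names are hypothetical, and on Fedora useradd without a password leaves "!!" in the field.

```shell
#!/bin/sh
# Added example: report what the password field of each shadow(5) entry means.
# Input is shadow-format text on stdin; the sample below is constructed.
# Against a live system, run as root:  classify_shadow < /etc/shadow

sample_shadow() {
    cat <<'EOF'
root:$6$c0nstruct3d$notARealHashValue:16336:0:99999:7:::
daemon:*:16336:0:99999:7:::
dean:!!:16336:0:99999:7:::
mary:!$6$c0nstruct3d$notARealHashValue:16336:0:99999:7:::
guest::16336:0:99999:7:::
EOF
}

# Prints "<user> <state>" for every entry:
#   no-hash   only "!" characters: no hash is stored, so no password matches
#   locked    "!" in front of a stored hash (what passwd -l / usermod -L do)
#   disabled  starts with "*": no password can match (typical system account)
#   empty     blank field: the account has an empty password
#   set       a password hash is stored and usable
classify_shadow() {
    awk -F: '
        NF < 2 || /^#/ { next }                  # skip malformed lines
        $2 == ""       { print $1, "empty";    next }
        $2 ~ /^!+$/    { print $1, "no-hash";  next }
        $2 ~ /^!/      { print $1, "locked";   next }
        $2 ~ /^[*]/    { print $1, "disabled"; next }
                       { print $1, "set" }
    '
}

# Accounts for which no password can succeed. This says nothing about
# public-key logins, which sshd checks against authorized_keys instead.
no_password_login() {
    classify_shadow | awk '$2 != "set" && $2 != "empty" { print $1 }'
}

sample_shadow | classify_shadow
```

An "empty" result deserves attention: it is the one state in which an account accepts a blank password wherever empty passwords are permitted.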
  #5  
Old 9th February 2006, 01:27 PM
foobar47 Offline
Registered User
 
Join Date: Nov 2005
Location: France - Lille
Posts: 406
Quote:
Originally Posted by deanhiller
I have not set the password for the user and can still log in with that user name using a certificate and no password, since ssh skips the password prompt step when using client certificates. If I don't set the user password, does this mean there is not a password at all for the user on Linux?
Of course, you use certificates...

If you don't set any password for the user, they won't be able to connect either over SSH or on the system at all!
You can if you use su from a root shell...

Quote:
Lastly, I want a computer where every user except one user can only use certificates. All the info on the internet points to forcing all users to use certificates. I want to do all users except one user.
Use a certificate for all users and restrict ssh access to this user.
Look at the 'AllowUsers' directive in sshd_config. You can use something like 'AllowUsers root@10.0.0.1 root@10.0.0.1 etc'. You can also use wildcards in the fields.
Quote:
Deny/All specific users

By default any user that can have an interactive login (a shell) will be allowed to SSH. All typical user accounts and some system accounts fall in this category. Typically all users do not need SSH access, and daemon/system accounts with shells should typically not be allowed to SSH.

To restrict SSH access to set users you can either allow everyone and deny specific accounts, or deny all and allow only specific accounts. This can be done per user or per group.

The following changes can be made to the default config to restrict user access.

* AllowUsers: a list of allowed users separated by spaces (example: AllowUsers bob mary joe)
* AllowGroups: a list of allowed user groups separated by spaces (example: AllowGroups admins webadmins)
* DenyUsers: a list of denied users separated by spaces (example: DenyUsers oracle)
* DenyGroups: a list of denied user groups separated by spaces (example: DenyGroups users)

Any of the above settings can be made more advanced by restricting them to certain hosts or by using wildcards (example: AllowUsers oracle@*.ku.edu, restricting logins to the Oracle account to that particular user from a computer with an on-campus DNS name).
Quote:
Also, still waiting on that other post. Is there no way to send mail if someone tries to log in to ssh and uses the wrong user and/or password
This is done by LogWatch... Something like that:
Quote:
--------------------- SSHD Begin ------------------------


Users logging in through sshd:
root:
my-machine.mydomain.com (256.256.256.256): 1 time

---------------------- SSHD End -------------------------
It sends you the users who can log in and who can't...
__________________
My WebPage
RHCT for the moment !
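
Added example, not part of the original posts and not LogWatch's own code: a per-user, per-source summary of failed sshd password attempts of the kind that could be mailed out. The log lines are constructed samples in OpenSSH's syslog format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise failed sshd password attempts per user and source.
# The log lines below are constructed samples in OpenSSH's syslog format.

sample_log() {
    cat <<'EOF'
Feb  9 13:01:22 box sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Feb  9 13:01:25 box sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Feb  9 13:02:40 box sshd[2107]: Failed password for root from 192.0.2.10 port 51301 ssh2
Feb  9 13:05:02 box sshd[2110]: Accepted publickey for dean from 198.51.100.7 port 40022 ssh2
Feb  9 13:06:11 box sshd[2115]: Failed password for invalid user x from 10.9.9.9 from 203.0.113.5 port 40100 ssh2
EOF
}

# Output: "<count> <kind> <source-ip> <user>", most frequent first.
# The user name is chosen by the remote side and may contain spaces or the
# word "from", so the address is read from the fixed tail
# "from IP port N ssh2" rather than from the first "from" on the line.
summarize_failed_ssh() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            if ($(NF-4) != "from" || $(NF-2) != "port") next   # unexpected tail
            for (s = 1; s <= NF; s++) if ($s == "Failed") break
            s += 3                                   # first word after "for"
            kind = "valid-user"
            if ($s == "invalid" && $(s+1) == "user") { kind = "invalid-user"; s += 2 }
            user = ""
            for (i = s; i <= NF - 5; i++) {
                sep = (user == "") ? "" : " "
                user = user sep $i
            }
            count[kind " " $(NF-3) " " user]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarize_failed_ssh
```

On Fedora the real input is /var/log/secure, and the output can be piped to mail -s from a root cron job, assuming a local mail transport is configured.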
  #6  
Old 9th February 2006, 02:09 PM
deanhiller Offline
Registered User
 
Join Date: Feb 2006
Posts: 7
You rock!!! Thanks much for the info. Yes, I should definitely turn off shell access for these users. They are ssh only.
  #7  
Old 9th February 2006, 02:27 PM
foobar47 Offline
Registered User
 
Join Date: Nov 2005
Location: France - Lille
Posts: 406
you're welcome
__________________
My WebPage
RHCT for the moment !