Re: System user policies

From: Ignacio Vidal (ividal@BIYCSA.COM.AR)
Date: Tue Sep 17 2002 - 11:51:44 EDT


Kevin:
What I'm trying to use is SSH "in conjunction" with AIX user's policies...

What I've seen is that you could use the parameter "UseLogin" in sshd_config.
This way, you can set some definitions for users (like password length, and so on...) and connect to the server using any ssh client.

When you establish the connection, the ssh server process uses "login" (from the unix-AIX box), and applies the defined policies (of the system) to the user who connects.

I'm not talking of an RSA scheme (with use of public-private key pairs). This is just for replacing telnet connections with ssh encrypted ones.

The parameter "UseLogin" has a bug reported against it for SSH server versions < 3.3 (I'm trying to install a 3.4 version of openssh package from open source development group of IBM, but I got some errors now...)

Hope this explained something else.
Regards

Ignacio

> -----Original Message-----
> From: Adams Kevin J [mailto:kevin.adams@PHS.COM]
> Sent: Monday, September 16, 2002 17:37
> To: aix-l@Princeton.EDU
> Subject: Re: System user policies
>
>
> OpenSSH maintains its own policies or settings in its config
> files, i.e.,
> /etc/ssh/sshd_config, /etc/ssh/ssh_config, ~userid/.ssh/config.
>
> You could use the AIX password with OpenSSH, but the true
> spirit of OpenSSH
> is to use a passphrase and/or a public/private key.
>
> OpenSSH will honor some AIX settings such as disabling of remote root
> logins.
>
> Kevin Adams
> -----Original Message-----
> From: Ignacio Vidal [mailto:ividal@BIYCSA.COM.AR]
> Sent: Monday, September 16, 2002 12:17 PM
> To: aix-l@Princeton.EDU
> Subject: [aix-l] System user policies
>
>
> Hello:
> I need some feedback related to the use of Secure Shell (OpenSSH) with
> system-user policies...
> I need to define some restrictions about user's password
> length, password
> rotation, login retries (and things like that)
> What I see is that using telnet/rsh (and so on), every change
> (of this kind)
> done with smit behaves as expected.
>
> How can I configure these using SSH?
> Has this anything to do with "auth_method" in /etc/security/login.cfg?
>
> Does anyone have any idea??
>
> Thanks in advance, regards
>
> Ignacio
>
>
>
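
Added example, not part of the original messages: a small check of which value sshd will actually use for "UseLogin" and related keywords in a given sshd_config, since the first value found for a keyword wins and keywords are case-insensitive. The function name `sshd_effective` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): effective value of an sshd_config keyword.

# sshd_effective KEYWORD FILE [DEFAULT]
# Keywords are case-insensitive and the first value found wins, so a later
# duplicate line does not override an earlier one.
sshd_effective() {
    awk -v want="$1" -v dflt="${3:-unset}" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            n = split($0, f, /[ \t=]+/)         # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # global section ends at first Match
            if (key == want && n >= 2) { val = f[2]; found = 1; exit }
        }
        END { print (found ? val : dflt) }
    ' "$2"
}

# Constructed sample config, written to a temporary file so the script runs offline.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Protocol 2
uselogin yes
PasswordAuthentication yes
UseLogin no
PermitRootLogin=no
EOF

# Report the keywords this thread is concerned with.
for kw in UseLogin PasswordAuthentication PermitRootLogin; do
    printf '%-24s %s\n' "$kw" "$(sshd_effective "$kw" "$sample")"
done
```

UseLogin was removed in OpenSSH 7.4, so this check applies to older servers such as the 3.x versions discussed in the thread.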



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:16:12 EDT