Tag Archives: SSH
This is a very short article that will help system admins use SSH from PHP to do system admin work on demand. Before we go into details, please take all necessary security measures before using the scripts and web site. Make sure the site is protected well enough that only legitimate users can access the script. Also make sure you are not allowing every kind of command to be issued through the PHP scripts.
This is the 2nd part of the article. You can read the 1st part here. Just to keep you aligned with us, we considered
- The name of the central server is ldap1.yourcompany.com with IP 192.168.100.201
- To test the configuration we have another server internal.yourcompany.com with IP 192.168.100.10
- sifatpeter is the name of the user we will use for testing the solution
which were defined in the 1st part of the article. We ensured that the LDAP service was configured and that the service was up and running. Note that the LDAP daemon is named slapd in the OpenLDAP suite.
Using the same password to log in to multiple systems has long been an ambition of system administrators. Network Information System (NIS) was one of the early implementations to achieve that goal. But NIS had a few drawbacks, which called for a strong alternative to support the requirement. LDAP (Lightweight Directory Access Protocol) was originally developed to provide directory services based on the X.500 standard. Microsoft used LDAP for Active Directory Service and Novell used it for Novell Directory Services (NDS) products. LDAP's inherent features make it a strong alternative to NIS for central authentication. In this article we will try to show you how you can achieve a central authentication system using Linux and LDAP for SSH login.
SSH has been used for secure remote connectivity in Linux and UNIX for a very long time. It provides a strongly encrypted tunnel between the SSH server and client. RADIUS, on the other hand, is generally used for dial-up authentication and acts as a central server for multiple NAS (Network Access Server) devices. There are a few cases where you may want to use RADIUS for your SSH authentication instead of your local /etc/shadow file, for example if you have multiple Linux servers but want to manage authentication from a central database. Though there are other mechanisms like NIS or LDAP, RADIUS is still a choice for its ease of use and some unique features.
SSH is the most used remote access mechanism for almost all Linux or UNIX operating systems.is the de-facto package that provides the ssh daemon, sshd. Access to systems over ssh is generally controlled by the sshd_config file (generally located at /etc/ssh/sshd_config). Parameters such as PermitRootLogin or AllowUsers are generally used to restrict a particular user's access to the system. We will discuss sshd_config files further in another article.
Pluggable Authentication Module (PAM) is a very strong authentication method for any application, and most ssh access is generally managed by PAM (if UsePAM=yes). PAM gives system admins an opportunity to control access to applications. Today we will demonstrate how you can use PAM's power to control access to the ssh service. Remember, this control will not override sshd_config; rather, it will be complementary.