SSH和会话使用不同的密码(KDE,Gnome等)
[英]Different password for SSH and Session(KDE, Gnome, etc.)
问题描述
I'm use an Debian based OS here on my work an i've configured the service for test routines of ERP app... 
我在这里使用的是基于Debian的OS,我已经为ERP应用程序的测试例程配置了服务...
This service (Tomcat+Java service) it's consumed via HTTP on intranet correctly...but the test leader sometimes need chance the database used by service application and uses SSH to access my machine to change database on config file and restart the service...eventually this person change some service or OS config throwing problems to me (on my OS and others things..). 该服务(Tomcat + Java服务)已通过Intranet上的HTTP正确使用...但是测试负责人有时需要机会使用服务应用程序使用的数据库,并使用SSH访问我的机器以更改配置文件上的数据库并重新启动该服务。最终,此人更改了一些服务或操作系统配置,从而向我抛出了问题(关于我的操作系统和其他东西)。
What i want know is if can i change my password only for SSH service (doesn't change to my KDE/Gnome session), just because the company's policy requires everyone to have a default password on stations... 我想知道的是,是否可以仅为SSH服务更改我的密码(不更改为我的KDE / Gnome会话),仅仅是因为公司的政策要求每个人都必须在工作站上使用默认密码...
Remebering that i'm a manager of config, maintenance and others jobs of service to test team...and change database solicitations can made to me. 回忆起我是配置,维护和其他服务团队的经理,以测试团队...并可以向我提出更改数据库的要求。
A simple example: 一个简单的例子:
KDE login if user 'carlos' and password '123456'
SSH login if user 'carlos' and password '4nyJokeHere'
That it's possible ? 有可能吗?
Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
2 2012-09-27 13:45:13
Possible? 可能? Maybe. 也许。 You'd probably have to fiddle with pam.d to get SSH authenticating via a different mechanism to KDE etc. 您可能必须摆弄pam.d才能通过与KDE等不同的机制来进行SSH身份验证。
Coming from a different angle, I may be missing something, can you not create a second user for the SSH process, keeping your main user for KDE etc cleanly separate? 从不同的角度来看,我可能会遗漏一些东西,您是否不能为SSH进程创建第二个用户,将您的KDE等主要用户完全分开?
I'd really strongly recommend trying to "split" a user into multiple purposes/security groups with differing passwords for each! 我强烈建议您将用户“分成”多个目的/安全组,每个组具有不同的密码!
You can use authorized_keys to restrict the SSH commands available, and/or sudo... 您可以使用authorized_keys限制可用的SSH命令,和/或使用...
Update: Some expansion on the subject as requested by the OP 更新:OP要求在此主题上进行一些扩展
You can limit commands available via SSH by using ~/.ssh/authorised_keys file - see O'Reilly for a good explanation . 您可以使用〜/ .ssh / authorized_keys文件来限制通过SSH可用的命令-有关详细说明,请参见O'Reilly 。
解决方案2
1 2012-09-28 13:24:55
I'm was solved this case applying a single rule here. 我解决了这种情况,在这里应用一条规则。 On SSH service i'm was locked access of my user 'carlos --> sudoers' and enable access only for a user called 'padrao' (padrao translated to english is 'default'). 在SSH服务上,我被锁定对用户'carlos-> sudoers'的访问,并且仅对名为'padrao'的用户启用访问(padrao翻译成英语是'default')。
This user 'padrao' doesn't have sudoers permissions. 此用户“ padrao”没有sudoers权限。 If i needed access with SSH my machine i'm do: 如果我需要使用SSH访问我的机器,则可以:
ssh padrao@my.intranet.machine
password: ***
$ su carlos
password: ***
This is not the best way to solve, but solved my problem here. 这不是最好的解决方法,但是在这里解决了我的问题。
Thanks. 谢谢。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.