Hi all,
I have no root access enabled on our linux server due to safety issues. We use sudo. When I change my password using passwd command, I sometimes get issues where I can't log back in.
Pam_Tally disables due to trying my password too many times. So someone in my group has to reset that.
Is there a way that we can do this individually without someone else doing it?
Any info would help.
That you can't is really the point. If you could, so could an attacker.
Counting failed logins never struck me as a very good idea. Any attacker who knows you have Pam_Tally on can disable all your logins at the drop of a hat.
Are you logging in with ssh? Maybe they'd allow you to use ssh keys to login, with a password on the key.
Right,
We have ssh enabled. I like Public/private key encryption but for some reason I was unable to utilize it. I use Secure CRT on our UNIX servers and it was easy to set up ssh and public and private key options. With Linux, it a little different for some reason. Someone suggested that I not change password on the Linux boxes and just use a strong combination, but...maybe unsafe...
---------- Post updated at 11:56 AM ---------- Previous update was at 11:54 AM ----------
Also interesting is how would an attacker disable the logins with knowledge of Pam_Tally existence?
Fail to login to someone's account n+1 times. An attacker could even do that by accident easily enough.
What are you logging into, from what, using what? The procedure for using SSH keys from terminal is actually really easy. If Secure CRT can use or import ordinary ssh keys, set it up with that first.
Nice...
Well I'm using Secure CRT software utilizing SSH connection. As mentioned, I have set up Public/Private key combos on the UNIX machines. I've let CRT software create a hash. No problem on UNIX. Created my .ssh folder, the authorized_keys, and known_hosts files on the UNIX side. All works fine.
Did the same on Linux, and it didn't work. And, btw I think i have disabled public key on SSH config because it wasn't working.
openssh can be particular about the ownership and permissions of ~/.ssh and files inside it. Usually I just use ssh-copy-id and it sets up everything right.
maybe you can ask the administrator
I am the administrator...fairly new one and learning...but still...
In any case I got it to work...
Corona...never done what you are suggesting...I can see its a script. Do I need to create the .ssh folder with the authorized keys and known_hosts files already in there, or does this create them automatically?
---------- Post updated at 03:58 PM ---------- Previous update was at 03:55 PM ----------
Nevermind Corona, just read the man pages...sorry to bother you about that...