Differences

This shows you the differences between two versions of the page.

--- cluster:157 [2017/04/06 14:35]
hmeij07
+++ cluster:157 [2017/04/06 15:31] (current)
hmeij07
@@ Line 38: / Line 38: @@
     * useradd -u 15001 -g 15001 weshmeij
     * echo `date | md5sum | awk '{print $1}'` | passwd weshmeij --stdin
-    * su - weshmeij -c "ssh-keygen -b 2048 -t rsa -f /home/weshmeij/.ssh/weshmeij -q -N '''' " # 4 single ticks
+    * su - weshmeij -c "ssh-keygen -b 2048 -t rsa -f /home/weshmeij/.ssh/weshmeij -q -N '''' " # 4 single quotes before closing double quote
     * mv /home/weshmeij/.ssh/weshmeij.pub /etc/ssh/authorized_keys/weshmeij
     * chown root:root /etc/ssh/authorized_keys/weshmeij
@@ Line 44: / Line 44: @@
     * CollegeA user hmeij saves private key to $HOME/.ssh/weshmeij.priv; alters permissions chmod go-rwx
     * script finishes; rm -f /home/weshmeij/.ssh/weshmeij
+    * that night college[A|B|C] root retrieves all lines in the range 15001-30000
+      * makes home dirs if they do not exist (parse lines build useradd, or via pam.d/sshd?)
+      * download public keys, updates in /etc/ssh/authorized_keys (rsync with --delete)
+      * replaces local passwd/shadow/group with retrieved lines
+  * user hmeij@wes: ssh weshmeij@openhpc.lafayette.edu -i /home/hmeij/.ssh/weshmeij.priv
-Hmm, this requires that at CollegeA user hmeij can switch to weshmeij credentials before connecting to CollegeB (echo "$unm $localhost=/bin/su - $pre$unm" >> /etc/sudoers"). Not pretty.
+That would work. Nobody knows the passwords for these guest accounts.
-Ahh, since
 **Kerberos & AD**

DokuWiki

User Tools

Site Tools

Differences

Page Tools