anthonysomerset

Asked: 2014-01-08 07:04:47 +0800 CST2014-01-08 07:04:47 +0800 CST 2014-01-08 07:04:47 +0800 CST

Linux TACACS+ auth for SSH but allow users to use public key auth

we have running tacacs environment for centralised login to our routers, firewalls etc and even most of our linux boxes to ssh

what we would like to do is allow users to authenticate to SSH via public key auth rather than having to type there password in, but still authorize via tacacs to check that login is indeed allowed and access should be granted, but if the user is disabled in tacacs it should be rejected

is that possible and how would it be achieved - we are using RedHat/Centos with pam_tacplus

secondary related question: how would you allow specific system accounts to bypass tacacs authentication so that server to server scripts could run via SSH and public key auth without the need to exist in tacacs also

Linux TACACS+ auth for SSH but allow users to use public key auth

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Linux TACACS+ auth for SSH but allow users to use public key auth

0 Answers