passwordless user on gcp debian server - linux

I'm hosting my file server on GCP debian 10 virtual machine and I want to create passwordless user so people could publicly download files from his home directory.
So I created new user, removed his password with passwd -d username, changed /etc/ssh/sshd_config file so it would allow this exact user to login with empty password and set chroot jail, restarted ssh service.
Unfortunately, when I'm connection via ssh into this user it still prompts me with a password.
This setup was working on the old server, configs are definitly correct and user definitely does not have password. I guess google implemented some additionl protection that dosen't allow me to do what I want.
Maybe someone had already bumbed into the same problem before?

I reached the support and they said google doesn't support passwordless ssh connections.

Related

What is my password when I connect via SSH?

I created a Debian VM in the Google Cloud, clicked on SSH from the GCP interface. A console shell opened, no problem, I'm logged in. Now I want to use sudo: it asks me for my current password. What is my password? Also, what is the root password?
The user account created by Google Compute Engine doesn't set a password. As an implication it is impossible to use sudo and most screen-locking apps can't unlock.
To set password follow steps from the documentation:
Connect to the instance using SSH, as you did when you first set up the instance.
Here is the documentation how to connect using SSH.
Create a password for the user:
sudo passwd $(whoami)
Please note that this password will be also used on the screen lock.

How can I prevent a disabled AD user from logging in to a Linux server that has his public key?

I have a case on my Ubuntu Linux 16.04 servers that I need your help with:
Current Scenario
A valid AD user logs in to the Ubuntu Linux server via SSH
That user adds his public key to ~/.ssh/authorized_keys for passwordless login
I disable/lock/delete the AD user to prevent him from logging in
The user was still able to login to the server, since his public key is still there!
Expected Scenario: If I disable/lock/delete a user's AD account (or his AD password expires), he shouldn't be able to login to any server with his AD account, even if his public key is installed there.
I have hundreds of servers, and it would be very difficult to track all the installed public keys.
Any solutions or workarounds for this without disabling PKI completely?
Note: I use PBIS Open to join my Linux servers to the AD domain.
The solution is to add this to /etc/ssh/sshd_config:
AuthenticationMethods "publickey,password" "publickey,keyboard-interactive"
This will require public key and then will ask the user to enter his AD password.

sshd_config: AllowUsers is allowing unauthorized users

So I've a VM that has SSH login. In this machine I only want one user ( lets say admin) to be able to login in via SSH.
Ive changed the sshd_config and added the AllowUsers admin directive. The problem is that I can still login to the machine with the user user, for example.
The host is a Ubuntu server and I'm accessing it via vSphere Client.
Is there anything I'm missing here?

how to change samba client windows 7 user access samba password, user site?

I was configured samba sharing server centos 6.6. I created samba sharing server access users, client asked for me. How to reset password to myself in samba user,
i dont no any idea. "can you please tell and help me". How to change samba user password.
Thanks and Regards,
Mani
You need to use smbpasswd to change your user password of samba,
Add your username to samba database again like as follows,
sudo smbpasswd -a <username>
For more information check man page.

RHEL- Limited root access

I need to allow certain users limited access to the lab server. The server is RHEL 5.6. However, I don't want to give them the root access. Basically, we have configured a LDAP server where all the users have centralized NFS and LDAP login from any of the client machines in the network. So, the LDAP users home area is located in /home/users in the server. I need to give access to only this folder to a certain user.
If I edit the visudo file and add the following line in the RHEL server, will I be able to accomplish what am looking for?
user1, %operator ALL= /home/users
When you are authenicating users with ldap and nfs mounted share, as such users of ldap or without ldap would be restricted to work in their home directory only.
Thanks & Regards,
Alok Thaker
Basically, as you giving all users access as users not as root hence all users will not have root access either using local authentication or remote authentication. I hope the users don't know your root password. :)
SUDO is used only when you want to give some users privilege to run the command as root like a normal user will not be able to do the command "service network restart" but if you allow the user have sudo privileges, he will be able to do it.

Resources