I'd like to write an automation script that sets `PasswordAuthentication no` in `/etc/ssh/sshd_config`. However, I want to guard against locking myself out in case I run the script while being logged in via SSH and password authentication. Is there a way to determine the authentication method of my SSH connection when I'm already logged in?

chiborg
  • Changing that setting won't boot you out. You can start a new session to test your changes while leaving your current one open. As for the other part of your question, I'm not certain. You can use the `who` command to determine how you logged in, but it doesn't tell you anything about what authentication method you used. You may be able to find this information in the auth logs. – Spooler Apr 03 '17 at 17:13
  • Since the script is supposed to run unattended and is not a shell script but an Ansible playbook, it would be complicated to do another log in attempt. – chiborg Apr 03 '17 at 17:27
  • I am not that familiar with ansible, but is there any way to handle this in your playbook? As in don't even permit ansible to attempt a password-based authentication for this particular change? – Zoredache Apr 03 '17 at 17:53

1 Answer

Short answer, if you turn on a high enough logging level for ssh/sshd to report this detail before you begin the process, it should be trivial. If you haven't already done this it may be quite a bit harder.

In my experience, unless you have ssh or sshd running/logging with verbose (debugging level, maybe?) output, this probably isn't captured for each authentication or login event. You could have a script that checks the setting in the sshd_conf file for you... However, there is a small chance that the daemon you interacted with upon login was started manually with different options, or maybe the file was edited after the daemon was started, etc. There are lots of "what if" scenarios, each more unlikely than the next. It really depends on the size and scope of your environment and your confidence in the integrity of the config files/systems, i.e. is this your own cluster of vpc nodes that you tinker and learn on, or is it a work/school/club VPC with many users and admins?

0xSheepdog
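The log-based check discussed in this thread, as an added example that is not part of the original question or answer: it matches the client address and port from `$SSH_CONNECTION` against sshd's "Accepted <method> for <user> from <ip> port <port>" log line and refuses to proceed when the method is `password` or cannot be found. The function names, the `deploy` user and the sample log lines are constructed for illustration, and it assumes the login line is present in the log being read.

```shell
#!/bin/sh
# Added example (not from the original thread). Reads sshd log text on stdin
# and prints the authentication method of the login that matches USER and the
# client ip/port taken from an SSH_CONNECTION value, or "unknown".
auth_method_for() {
    user=$1
    set -- $2                 # SSH_CONNECTION: client_ip client_port server_ip server_port
    [ $# -ge 2 ] || { echo unknown; return 0; }
    awk -v u="$user" -v ip="$1" -v port="$2" '
        { for (i = 1; i + 7 <= NF; i++)
              if ($i == "Accepted" && $(i+2) == "for" && $(i+3) == u &&
                  $(i+4) == "from" && $(i+5) == ip &&
                  $(i+6) == "port" && $(i+7) == port)
                  m = $(i+1)  # keep the most recent match (ports get reused)
        }
        END { print (m == "" ? "unknown" : m) }'
}

# Succeeds only when the session is known to use something other than a
# password; an unknown method (rotated log, line never logged) fails closed.
safe_to_disable_passwords() {
    case $(auth_method_for "$1" "$2") in
        unknown|password) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample log lines (documentation addresses, hypothetical host/user).
sample_log() {
    cat <<'EOF'
Apr  3 17:02:11 web1 sshd[2101]: Accepted password for deploy from 203.0.113.7 port 51514 ssh2
Apr  3 17:05:40 web1 sshd[2188]: Failed password for root from 198.51.100.9 port 40022 ssh2
Apr  3 17:09:02 web1 sshd[2230]: Accepted publickey for deploy from 203.0.113.7 port 51620 ssh2: ED25519 SHA256:CONSTRUCTEDFINGERPRINT
EOF
}

# Real use (log path is an assumption; it differs between distributions):
#   safe_to_disable_passwords "$USER" "$SSH_CONNECTION" < /var/log/auth.log
```

In an unattended run, a non-zero exit from `safe_to_disable_passwords` is the signal to skip the `sshd_config` change rather than risk a lockout.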