We are currently doing a POC where SSH key pairs are not allowed, meaning we have to use passwords, with a strict 90-day password expiration imposed. As part of the POC, assume the username is "acme": we have to log into the "bastion.example.com" host (ssh acme@bastion.example.com), and after logging into the bastion, we have to log in again to the target host; that is, from the bastion, we run "ssh acme@machine.example.com".

Question: using ~/.ssh/config, how do we achieve this, especially using "password replay", so that we don't have to provide the password twice? With this, we can easily pass the script or command to be executed on the target host (using ProxyCommand and RemoteCommand).

Please share an example where we can perform "password replay".

Hare Krshn
  • POC? (I'm assuming "proof of concept", but I can't imagine what concept that prohibits key pairs is worth proving.) – chepner Jul 22 '22 at 19:01
  • Yes, proof of concept. Yes, we are only using the LDAP-enabled users with passwords to access the hosts. – Hare Krshn Jul 22 '22 at 19:10
  • You can do that in `sshd` itself. Put allowed users in a single group, and use the `AllowGroups` option to only permit users in that group to log in. No need to ban key-based authentication. – chepner Jul 22 '22 at 19:28

0 Answers