On Thu, May 12, 2005 at 08:35:03AM -0500, israel.garcia at cimex.com.cu enlightened us:> List, It's amazing the soon the messages on this list are answered, I am > glad and I want to thank you all for that... > > Here is my question, I have a DataBase CentOS server working with about > 150 users connected via ssh, so I want to set up for all users strongs > passwords, I mean, 8 or more caracters, with ,.;* , ect....... Is there > some option, bash command which do that? >The mkpasswd command included in the expect RPM can generate them for you. A little shell scripting will change the passwords for the users. Matt -- Matt Hyclak Department of Mathematics Department of Social Work Ohio University (740) 593-1263 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20050512/68ef146e/attachment-0004.sig>
List, It's amazing the soon the messages on this list are answered, I am glad and I want to thank you all for that... Here is my question, I have a DataBase CentOS server working with about 150 users connected via ssh, so I want to set up for all users strongs passwords, I mean, 8 or more caracters, with ,.;* , ect....... Is there some option, bash command which do that? Is there some HOWto, tutorial, rules about securing, monitoring users with access to the bash shell? (They login via ssh). Regards, Israel Garcia
> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of israel.garcia at cimex.com.cu > Sent: Thursday, May 12, 2005 8:35 AM > To: centos at centos.org > Subject: [CentOS] About strongs passwords! > > List, It's amazing the soon the messages on this list are answered, Iam> glad and I want to thank you all for that... > > Here is my question, I have a DataBase CentOS server working withabout> 150 users connected via ssh, so I want to set up for all users strongs > passwords, I mean, 8 or more caracters, with ,.;* , ect....... Isthere> some option, bash command which do that?I use apg. It's very flexible allowing you to create secure, yet pronounceable passwords that are easy to remember, as well as completely random passwords using special symbols and mixed case. http://www.adel.nursat.kz/apg/ -- Marc
Bryan J. Smith <b.j.smith@ieee.org>
2005-May-12 21:39 UTC
[CentOS] About strongs passwords!
israel.garcia at cimex.com.cu wrote:> Here is my question, I have a DataBase CentOS server working with > about 150 users connected via ssh, so I want to set up for all users > strongs passwords ... cut ...In addition to the password considerations, I recommend the following. 1) Disable SSH v1 access 2) Disable all authentication, including password authentication, except public key authentication. 3) Generate all public keys with passphrases. Alternatively, if you have either a UNIX Kerberos realm, or you are already synchronizing UNIX and ADS authentication, consider Kerberos authentication instead (e.g., one-way ADS trust, if you are are already using ADS for authentication of UNIX). Otherwise, public key would be far better than password authentication. -- Bryan J. Smith mailto:b.j.smith at ieee.org
israel.garcia at cimex.com.cu wrote:>List, It's amazing the soon the messages on this list are answered, I am >glad and I want to thank you all for that... > >Here is my question, I have a DataBase CentOS server working with about >150 users connected via ssh, so I want to set up for all users strongs >passwords, I mean, 8 or more caracters, with ,.;* , ect....... Is there >some option, bash command which do that? > >Is there some HOWto, tutorial, rules about securing, monitoring users >with access to the bash shell? (They login via ssh). > >Regards, > >Israel Garcia > >I'm not sure if this is what you're looking for, but PAM has several plugins that might help with this. These libraries enhance the authentication system to do all kinds of things. Check out the PAM HOWTO here: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html If you want to enforce strong passwords with dictionary checking, minimal password lengths, certain numbers/types of characters, look at pam_cracklib. Good luck! --Shawn
Message: 5 Date: Thu, 12 May 2005 08:41:20 -0400 From: Matt Hyclak <hyclak at math.ohiou.edu> Subject: Re: [CentOS] About strongs passwords! To: centos at centos.org Message-ID: <20050512124120.GB5989 at math.ohiou.edu> Content-Type: text/plain; charset="us-ascii" On Thu, May 12, 2005 at 08:35:03AM -0500, israel.garcia at cimex.com.cu enlightened us:> List, It's amazing the soon the messages on this list are answered, Iam> glad and I want to thank you all for that... > > Here is my question, I have a DataBase CentOS server working withabout> 150 users connected via ssh, so I want to set up for all users strongs > passwords, I mean, 8 or more caracters, with ,.;* , ect....... Isthere> some option, bash command which do that? >Great, but: 1. My users have to work on the shell because, they run a C++ scritp to work in tha database.. 2. So I want to force my users to pick a strong password.. Is there some command, tool to do this? Regards, Israel The mkpasswd command included in the expect RPM can generate them for you. A little shell scripting will change the passwords for the users. Matt
On 5/12/05, israel.garcia at cimex.com.cu <israel.garcia at cimex.com.cu> wrote:> Here is my question, I have a DataBase CentOS server working with about > 150 users connected via ssh, so I want to set up for all users strongs > passwords, I mean, 8 or more caracters, with ,.;* , ect....... Is there > some option, bash command which do that?Check out this page: http://www.puschitz.com/SecuringLinux.shtml#EnforcingStrongerPasswords Excellent information on _exactly what you are looking for there. That section applies to what you are looking for, but the article as a whole is wonderful as well. Thanks, Ryan