Hi, Thanks for the replay. This is the platform which we are using. Distributor ID: Debian Description: Debian GNU/Linux 8.2 (jessie) Release: 8.2 Codename: jessie Regards, Vishwanath KC +918892599848. On Tue, Jan 24, 2017 at 11:16 AM, Darren Tucker <dtucker at zip.com.au> wrote:> On Tue, Jan 24, 2017 at 4:17 PM, Vishwanath KC <vicchi.cit at gmail.com> > wrote: > [...] > > But in my case all user info is present in remote database and > > authentication is form remote using tacacs+ server. > > What platform is this? You probably want a NSS module or the > equivalent for your platform so that getpwnam(3) knows about those > users (including things like uid/gid, home directory and shell). I'm > not sure TACACS can provide the required details, though. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. >
On Tue, Jan 24, 2017 at 4:54 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: [...]> Distributor ID: Debian > Description: Debian GNU/Linux 8.2 (jessie)As you've seen, sshd requires that the system's getpwnam() function knows the user, without which it does not know, for example, what userid to run processes as should you manage to successfully authenticate. You will need to either arrange for your system's NSS to know about your users somehow or modify sshd. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
> On 24 Jan 2017, at 06:01, Darren Tucker <dtucker at zip.com.au> wrote: > > On Tue, Jan 24, 2017 at 4:54 PM, Vishwanath KC <vicchi.cit at gmail.com> wrote: > [...] >> Distributor ID: Debian >> Description: Debian GNU/Linux 8.2 (jessie) > > As you've seen, sshd requires that the system's getpwnam() function > knows the user, without which it does not know, for example, what > userid to run processes as should you manage to successfully > authenticate. > > You will need to either arrange for your system's NSS to know about > your users somehow or modify sshd.From memory, last time I got this working, we used NSS LDAP and PAM LDAP, and got public keys over LDAP too. It required some fiddling. -- Alex Bligh