Subject: Re: vipw for vpn (want user sans passwd)
To: None <oinkfreebiker@att.net>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-help
Date: 02/20/2002 09:40:10
On Wed, 20 Feb 2002 oinkfreebiker@att.net wrote:
> But I need to create a user "vpnuser" who has now passwd.
> I tried using vipw and setting a star to the encrypted
> passwd for vpnuser --- but login still asks for a passwd
A star "*" is the password -- which can never be matched. If you have no
password then the field is empty "::", but that is bad (and probably not
what you want).
> -- and the old passwd no longer functions.
Of course, you replaced it. (Note that vipw under BSD is different than
standard Linux versions: you are actually editing the real user database
not the passwd file.)
> How do I make "vpnuser" passwordless for the VPN script
> of SSH-IP-TUNNEL?
I don't know about your actual setup, but I use ssh's RSAAuthentication or
PubkeyAuthentication for connecting without password (so it can connect
automatically).
Basically, you use ssh-keygen to generate your keys on the client system
without using a pass-phrase, and then copy the public key (identity.pub,
id_dsa.pub or id_rsa.pub) to the $HOME/.ssh/authorized_keys on the
server-side.
(You could also use other configurations to be more specific to users and
hosts.)
Jeremy C. Reed
http://www.reedmedia.net/