dear all
my question regards a fresh server installation on ubuntu 9.10 server (the "10 min video" btw is so choppy in its playback - if it plays back at all- that a lot of the install was guess work)
i read the ovtied man page
"ovtied is called as an SSH forced command for tied accounts. It
presents "roll-n-scroll" users with an access/verify code prompt. Precautions
are taken to prevent users from accessing the underlying Linux
shell."
first - what is a "tied account" and how do i create it ?
second
when i
ssh openvista@xxx.xxx.xxx.xxx
i was asked for a password; it was not documented as far as i could search, so i set one with "passwd openvista".
then
ssh openvista@xxx.xxx.xxx.xxx
gets me a bash in home directory openvista;
I was under the impression that it would call /usr/bin/ovtied --open as specified in ~/.ssh/authorized_keys
which would have been the desired behavior;
so what do i have to do to ensure roll and scroll users get only into openvista and cannot log into a bash instance ?
My goal is to create an environment exactly as ovtied states it:
user ssh's to the server, gets access/verify code screen, does whatever he/she has to do without being able to spawn another terminal or similar and upon halting the login into openvista the ssh session is automatically closed;
thanks for your help;
my question regards a fresh server installation on ubuntu 9.10 server (the "10 min video" btw is so choppy in its playback - if it plays back at all- that a lot of the install was guess work)
I'm sorry to hear that -- while I have some problems seeking with the flash player, regular playback works for me. What platform are you using? (OS X? Windows? Linux?) The video is hosted by an external service (blip.tv), so there isn't too much we can do about the video, unfortunately.
first - what is a "tied account" and how do i create it ?
A tied account is a Linux user account that is dedicated for clinical users to log in. It is called a "tied" account because users logging in with that account are tied to OpenVista and are not allowed regular shell access. It's similar to other system accounts like apache or ftp. Our packages create an "openvista" account that is used as the tied account. It's created automatically -- you don't need to create it.
when i
ssh openvista@xxx.xxx.xxx.xxx
i was asked for a password; it was not documented as far as i could search, so i set one with "passwd openvista".
It's a bummer you couldn't see the video, because I explained this... there is no password set on the tied account because you're supposed to log in with SSH keys. The keys are automatically generated for each OpenVista instance you create and can be found in the etc subdirectory in the instance's root directory (e.g., /opt/openvista/open/etc). You need to use SSH keys -- passwords won't work, because the tied account relies on sshd's forced commands feature, which only works with SSH keys.
I would remove the password for the "openvista" account using "sudo passwd -d openvista", then use the SSH keys.
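An added example, not part of the original thread or the OpenVista packages: a Python check of a tied account's authorized_keys that flags any key without the forced command and any forced-command key that still permits forwarding. The expected command is the one quoted in the question; the forwarding options checked and the sample entries are assumptions constructed for illustration.

```python
import re

KEY_TYPES = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
NO_FORWARD = ("no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def split_options(line):
    """Return (options, rest); the options field ends at the first unquoted space."""
    if KEY_TYPES.match(line.split()[0]):
        return {}, line                      # entry starts with the key type: no options
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 1                           # skip the escaped character, e.g. \"
        elif c == '"':
            in_quote = not in_quote
        elif c.isspace() and not in_quote:
            break
        i += 1
    # option names are case-insensitive; flag options map to None
    opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(line[:i])}
    return opts, line[i:].strip()

def audit(text, expected_command):
    """Return (line number, finding) pairs for entries that allow more than the forced command."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((n, "no forced command: key gets the account's login shell"))
            continue
        if cmd != expected_command:
            findings.append((n, "unexpected forced command: " + cmd))
        if "restrict" not in opts:           # 'restrict' (newer OpenSSH) disables forwarding itself
            findings += [(n, "missing " + o) for o in NO_FORWARD if o not in opts]
    return findings

# Constructed sample; key material is placeholder text, not real keys.
SAMPLE = """\
command="/usr/bin/ovtied --open",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 tied
ssh-rsa AAAAPLACEHOLDER2 admin
command="/usr/bin/ovtied --open" ssh-rsa AAAAPLACEHOLDER3 tied2
"""
```

Calling `audit(SAMPLE, "/usr/bin/ovtied --open")` reports line 2 as a key that reaches a shell and line 3 as a forced-command key that can still forward ports, X11 and the agent.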
this is a repost - see attached;