Sharing public key with ssh

ssh ssh-keys encryption

Is it possible to somehow setup an ssh server that doesn't require a username,password or cert to login? If that's not possible, if I were to give all customers the same public key, would each connection be encrypted individually? (i.e. user A coudn't decrypt the payload of user B's connection)

I wish to provide access to a single program, which will prompt for a username and password.

Encryption is essential though, and users must not be able to snoop in on each other

Thanks


I don't think you can remove authentication part of SSH because you alway need a username to open a session but you can set a blank password and set PermitEmptyPasswords to yes in your sshd configuration.
But this is not really safe, using keys authentication is better.

If you give your customers a public key it means that they can allow you to connect to their ssh server, not yours.
I think you want customers to connect to your ssh server. In this case customers need to give you their public key and you will allow them to connect. If all customers were using the same public key to connect to your ssh server it would mean that all customers use the same private key, and this is not an option (it's not your role to provide a private key and private key should not be shared)

Regarding encryption and snooping, encryption is done with session keys not public/private key, but to exchange session keys ssh use public/private key.
So if all your customers where using the same private keys, if they snoop a session from the begining they could decrypt the session, if they snoop the session after session keys exchange it would be very difficult to decrypt the session.

A good Article on how ssh works http://www.eng.cam.ac.uk/help/jpmg/ssh/ssh-detail.html


Bit late but you can force a user to run a particular program upon login (by any means) by setting their shell to that program in /etc/passwd. I believe there's a more complex way when using sshd using .sshrc files but I'm not presuming you're on OpenSSH - it's all in the man files though.


Think of the private key as the secret. When you are to prove something, like your identity in this case, you can claim you know a secret, in this case, the private ssh key. The public key is that: "public", and in that sense it can't be used to prove anything.

This goes along with the recommendation that don't give more than one user the same private key, ever. A huge amount of security holes origin in attempts to make security processes less burdening. There are secure ways to do that too. But you as the admin, will have to make the work, otherwise you are automatically letting your network and its users open to attack.

"Don't take shortcuts"

Related

Using PuTTY for serial connection
Can you have multiple DNS registrars?
Can't Reset Password - Ubuntu 10.04 on Hyper-V
mdadm: Swapping out small hard drives for bigger ones in a RAID5, How to partition?
Does a Redundant Power Splitter Exist?
Mysql slow query log is on but not logging anything
How to get started on Mainframes and is it worth while?
Is it possible to use ebtables to filter traffic by MAC-addresses on simple ethernet interface, without bridging?
Outbound ports to allow through firewall - core requirements
SQL Server Trial Edition to Full Edition
RHN/Yum update from Red Hat Enterprise Linux 5.0 to 5.1
CNAME to AWS Public DNS?