tightening ssh

Alejandro Flores alejandrorflores at gmail.com
Mon Nov 21 01:51:12 UTC 2005


Hey,

> >- Use a program to ask something to the user who logs in.
>
> I don't know much about ssh.  Does "ssh <hostname> <command>" bypass this
> program?  Say "ssh your@host /bin/bash"?

Yes, if you call this program in your /etc/profile or ~user/.bash_profile.
When a user logs in, sshd will execute:
/path/to/UserShell -
When a user issues a command like "ssh you@host /bin/bash", sshd will execute:
/path/to/UserShell -c '/bin/bash'.

So, in order to work, the user shell must be set to this program.
Example:
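/bin/shellWrapper:
#!/bin/bash

# Challenge the user before any shell is started.
echo -n "Who is the master Lee Roy?"
read -r w
if [ "$w" != "ShoNuff" ]; then
    echo "Bad answer Lee Roy!"
    exit 255
fi

# For "ssh host <command>" sshd passes "-c <command>" as arguments;
# hand them to bash unchanged instead of adding a second -c.
if [ $# -gt 0 ]; then
    /bin/bash "$@"
else
    /bin/bash -
fi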

chmod +x /bin/shellWrapper
Set the user shell to /bin/shellWrapper
you:x:504:504::/home/you:/bin/shellWrapper

Try to log in as this user.

--
Regards,
Alejandro Flores
http://www.triforsec.com.br/
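
Added example, not part of the original post: a small harness that writes a test copy of the wrapper to a temporary file and invokes it the way the post says sshd does for "ssh host <command>" (shell -c '<command>'), to confirm the prompt gates remote commands as well as logins. The temp file and the function names run_remote_command and remote_status are assumptions made for this demo, and /bin/bash is assumed to exist.

```sh
#!/bin/sh
# Test copy of the wrapper (constructed for this demo); on a real host it
# would be installed as the user's login shell and exec'd by sshd directly.
WRAPPER=$(mktemp)
trap 'rm -f "$WRAPPER"' EXIT
cat > "$WRAPPER" <<'EOF'
#!/bin/bash
echo -n "Who is the master Lee Roy?"
read -r w
if [ "$w" != "ShoNuff" ]; then
    echo "Bad answer Lee Roy!"
    exit 255
fi
if [ $# -gt 0 ]; then
    exec /bin/bash "$@"      # "$@" is: -c '<remote command>'
else
    exec /bin/bash -
fi
EOF

# Simulate "ssh you@host <command>".
#   $1 = line the client sends first on stdin (the answer to the prompt)
#   $2 = remote command string
# Prints whatever the wrapper and the command write to stdout.
run_remote_command() {
    printf '%s\n' "$1" | /bin/bash "$WRAPPER" -c "$2"
}

# Same call, but print only the exit status sshd would report to the client.
remote_status() {
    rc=0
    run_remote_command "$1" "$2" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

echo "wrong answer   -> exit $(remote_status nope 'echo ran')"
echo "correct answer -> exit $(remote_status ShoNuff 'echo ran')"
```

Anything that runs a remote command over ssh as this user, scp and rsync included, goes through the same prompt, and the prompt consumes the first line of whatever the client sends on stdin.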



