On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr@xxxxxxxxxxxxxxx> wrote:
> On 2015-11-26 13:33, Darren Tucker wrote:
[...]
>> What is the script going to do?

You didn't answer this.

> How would you do it using bsdauth?
>
> (PAM seems very redundant to install on OBSD.)

You are using OpenBSD or something else?

[...]
>> This sounds a bit like what authpf[1] does. I imagine you could write
>> firewall rules to block outgoing tcp connections from sshd until after
>> authpf runs, if that is an option for you.
>
> (That sounds like a very indirect approach, in particular as it would cover
> only some connections?)

Assuming you write the PF rules to do so you should be able to match
local processes (using "user" rules and the $user_id authpf macro) as
well as connections from the IP address they're logging in as (using
"from" rules and $user_ip macro).

But all of this is speculative because you still have not described
what the objective of this exercise is.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev