Re: Using 'ForceCommand' Option

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



So I probably shouldn't have said "arbitrary" script. What I really want to
do is to present a terms of service notice (/etc/issue). But I also want to
get the user to actually confirm (by typing 'y') that they accept. If they
try to exit or type anything other than 'y' they will be denied access. I'm
not sure a user can interact with a script being executed by PAM. Also, I
want to differentiate for SCP. It looks like OpenSSH will pass
SSH_ORIGINAL_COMMAND variable to the script so I can use that in the script
logic and not enforce input for SCP and/or SFTP. So it would seem to be
what I want. I found an example on the interwebs with something similar and
I built my script similarly but I can't seem to get any output. I guess I
was looking for help deciphering that DEBUG output.

On Wed, Feb 17, 2016 at 3:50 PM, Lesley Kimmel <lesley.j.kimmel@xxxxxxxxx>
wrote:

> Gert,
>
> Thank you for the feedback. Can you give any further direction on where to
> get more information on what you are describing?
>
> On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert@xxxxxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:
>> > I would like to implement an arbitrary script to be executed when
>> logging
>> > on via SSH.
>>
>> I'd just do this in the PAM session handler.
>>
>> ForceCommand means "run this command *and then exit*", so this is not
>> what you want.
>>
>> gert
>>
>>
>> --
>> USENET is *not* the non-clickable part of WWW!
>>                                                            //
>> www.muc.de/~gert/
>> Gert Doering - Munich, Germany
>> gert@xxxxxxxxxxxxxx
>> fax: +49-89-35655025
>> gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>>
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux