So I probably shouldn't have said "arbitrary" script. What I really want to do is to present a terms of service notice (/etc/issue). But I also want to get the user to actually confirm (by typing 'y') that they accept. If they try to exit or type anything other than 'y' they will be denied access. I'm not sure a user can interact with a script being executed by PAM. Also, I want to differentiate for SCP. It looks like OpenSSH will pass SSH_ORIGINAL_COMMAND variable to the script so I can use that in the script logic and not enforce input for SCP and/or SFTP. So it would seem to be what I want. I found an example on the interwebs with something similar and I built my script similarly but I can't seem to get any output. I guess I was looking for help deciphering that DEBUG output. On Wed, Feb 17, 2016 at 3:50 PM, Lesley Kimmel <lesley.j.kimmel@xxxxxxxxx> wrote: > Gert, > > Thank you for the feedback. Can you give any further direction on where to > get more information on what you are describing? > > On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert@xxxxxxxxxxxxxx> wrote: > >> Hi, >> >> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote: >> > I would like to implement an arbitrary script to be executed when >> logging >> > on via SSH. >> >> I'd just do this in the PAM session handler. >> >> ForceCommand means "run this command *and then exit*", so this is not >> what you want. >> >> gert >> >> >> -- >> USENET is *not* the non-clickable part of WWW! >> // >> www.muc.de/~gert/ >> Gert Doering - Munich, Germany >> gert@xxxxxxxxxxxxxx >> fax: +49-89-35655025 >> gert@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> > > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev