On Mon, Jan 30, 2017 at 1:02 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote: > Hi, > I am trying to give access to sshd port 22 to connect to different port > 1023 by differentiating with special user, customuser. Following is how i > tried, but it doesnt work, please suggest. The easiest way to do this is, typically, to run a *separate* sshd on port 1023 with the characterists set to allow *only* that alternative user access. Take a look at setting up another daemon with another "sshd_config" file to do this. That way, you can leave your internal default SSH the heck alone and block it at your firewalls as appropriate. > > outside, user issues command > ssh customuser@ip, it fails > > > inside sshd_config, i wrote the following: > > > Match user customuser > ForceCommand . /etc/myscript > > inside myscript, I do the following: > read -p "Username: " RUSER > ssh $RUSER@127.0.0.1 -p 1023 > > > > with this setting, i find these: > > If i run sshd in debug mode, password is asked in the server window, prints > go to client window: > > server terminal: > sshd -d -f /etc/ssh/sshd_config -h /etc/ssh/ssh_key > > Starting session: forced-command (config) '. /etc/myscript' on pts/3 for > customuser from 10.102.12.12 port 41622 > admin@127.0.0.1's password: > > > client terminal: > ssh customuser@10.220.167.18 > Username: admin > > > If i run sshd in non interactive mode: > it doesnt ask for password at all > > server logs: > > Jan 30 17:22:18 Linux auth.info sshd[5229]: WARNING: /usr/local/etc/moduli > does not exist, using fixed modulus > Jan 30 17:22:18 Linux auth.err sshd[5229]: error: Could not get shadow > information for customuser > Jan 30 17:22:18 Linux auth.info sshd[5229]: Accepted none for customuser > from 10.220.82.17 port 41645 ssh2 > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't stat > /var/log/lastlog: No such file or directory > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't stat > /var/log/lastlog: No such file or directory > > > client logs: > > ssh customuser@10.220.167.184 > Username: admin > Permission denied, please try again. > Permission denied, please try again. > Permission denied (publickey,password). > Connection to 10.220.167.184 closed. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
