Re:

On Mon, Jan 30, 2017 at 1:02 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
> Hi,
> I am trying to give access to sshd port 22 to connect to different port
> 1023 by differentiating with special user, customuser. Following is how I
> tried, but it doesn't work, please suggest.

The easiest way to do this is, typically, to run a *separate* sshd on
port 1023 with the characteristics set to allow *only* that alternative
user access. Take a look at setting up another daemon with another
"sshd_config" file to do this. That way, you can leave your internal
default SSH the heck alone and block it at your firewalls as
appropriate.

>
> outside, user issues command
> ssh customuser@ip, it fails
>
>
> inside sshd_config, I wrote the following:
>
>
> Match user customuser
>     ForceCommand . /etc/myscript
>
> inside myscript, I do the following:
> read -p "Username: " RUSER
> ssh $RUSER@127.0.0.1 -p 1023
>
>
>
> with this setting, I find these:
>
> If I run sshd in debug mode, password is asked in the server window, prints
> go to client window:
>
> server terminal:
> sshd -d -f /etc/ssh/sshd_config -h /etc/ssh/ssh_key
>
> Starting session: forced-command (config) '. /etc/myscript' on pts/3 for
> customuser from 10.102.12.12  port 41622
> admin@127.0.0.1's password:
>
>
> client terminal:
> ssh customuser@10.220.167.18
> Username: admin
>
>
> If I run sshd in non interactive mode:
> it doesn't ask for password at all
>
> server logs:
>
> Jan 30 17:22:18 Linux auth.info sshd[5229]: WARNING: /usr/local/etc/moduli
> does not exist, using fixed modulus
> Jan 30 17:22:18 Linux auth.err sshd[5229]: error: Could not get shadow
> information for customuser
> Jan 30 17:22:18 Linux auth.info sshd[5229]: Accepted none for customuser
> from 10.220.82.17 port 41645 ssh2
> Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't stat
> /var/log/lastlog: No such file or directory
> Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't stat
> /var/log/lastlog: No such file or directory
>
>
> client logs:
>
>  ssh customuser@10.220.167.184
> Username: admin
> Permission denied, please try again.
> Permission denied, please try again.
> Permission denied (publickey,password).
> Connection to 10.220.167.184 closed.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
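
One way to set up the separate daemon suggested in the reply above, as an added example that is not part of the original thread: the script writes a second "sshd_config" for port 1023 that admits only customuser, then lints it before the daemon is started. The function names, the PidFile path and the assumed default PID file location are illustrative assumptions; Port, PidFile, AllowUsers and PermitRootLogin are standard sshd_config keywords.

```shell
#!/bin/sh
# Added example (not from the thread). File paths and function names are
# assumptions; user "customuser" and port 1023 come from the thread.

# write_alt_config FILE USER PORT: emit a minimal config for a second sshd.
write_alt_config() {
    cat > "$1" <<EOF
# Second sshd instance, started with: /usr/sbin/sshd -f $1
Port $3
# Separate PID file so the two daemons do not overwrite each other's
PidFile /var/run/sshd-alt.pid
# Only this account may authenticate on this listener
AllowUsers $2
PermitRootLogin no
EOF
}

# lint_alt_config FILE USER PORT: return 0 only if the file listens on
# exactly PORT, admits exactly USER, and does not reuse the main daemon's
# PID file (assumed here to be /var/run/sshd.pid).
lint_alt_config() {
    awk -v user="$2" -v port="$3" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "port"       { nport++;  if ($2 != port) bad = 1 }
        key == "allowusers" { nallow++; if (NF != 2 || $2 != user) bad = 1 }
        key == "pidfile"    { npid++;   if ($2 == "/var/run/sshd.pid") bad = 1 }
        END { exit (bad || nport != 1 || nallow != 1 || npid != 1) ? 1 : 0 }
    ' "$1"
}

# Typical use (as root), after adding HostKey lines if the defaults differ:
#   write_alt_config /etc/ssh/sshd_config_alt customuser 1023
#   lint_alt_config  /etc/ssh/sshd_config_alt customuser 1023 \
#       && /usr/sbin/sshd -t -f /etc/ssh/sshd_config_alt \
#       && /usr/sbin/sshd -f /etc/ssh/sshd_config_alt
```

The lint rejects a second AllowUsers line on purpose, because sshd accumulates names across repeated AllowUsers directives and an extra line would widen access on this listener.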