Thanks for suggestion. the customer firewall settings doesnt allow access to 1023, hence i was doing it from inside. So external access to port 1023 is dropped, but from loopback(inside), it would be allowed. please share your thoughts/comments. On Tue, Jan 31, 2017 at 10:19 AM, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote: > On Mon, Jan 30, 2017 at 1:02 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> > wrote: > > Hi, > > I am trying to give access to sshd port 22 to connect to different port > > 1023 by differentiating with special user, customuser. Following is how i > > tried, but it doesnt work, please suggest. > > The easiest way to do this is, typically, to run a *separate* sshd on > port 1023 with the characterists set to allow *only* that alternative > user access. Take a look at setting up another daemon with another > "sshd_config" file to do this. That way, you can leave your internal > default SSH the heck alone and block it at your firewalls as > appropriate. > > > > > outside, user issues command > > ssh customuser@ip, it fails > > > > > > inside sshd_config, i wrote the following: > > > > > > Match user customuser > > ForceCommand . /etc/myscript > > > > inside myscript, I do the following: > > read -p "Username: " RUSER > > ssh $RUSER@127.0.0.1 -p 1023 > > > > > > > > with this setting, i find these: > > > > If i run sshd in debug mode, password is asked in the server window, > prints > > go to client window: > > > > server terminal: > > sshd -d -f /etc/ssh/sshd_config -h /etc/ssh/ssh_key > > > > Starting session: forced-command (config) '. /etc/myscript' on pts/3 for > > customuser from 10.102.12.12 port 41622 > > admin@127.0.0.1's password: > > > > > > client terminal: > > ssh customuser@10.220.167.18 > > Username: admin > > > > > > If i run sshd in non interactive mode: > > it doesnt ask for password at all > > > > server logs: > > > > Jan 30 17:22:18 Linux auth.info sshd[5229]: WARNING: > /usr/local/etc/moduli > > does not exist, using fixed modulus > > Jan 30 17:22:18 Linux auth.err sshd[5229]: error: Could not get shadow > > information for customuser > > Jan 30 17:22:18 Linux auth.info sshd[5229]: Accepted none for customuser > > from 10.220.82.17 port 41645 ssh2 > > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't > stat > > /var/log/lastlog: No such file or directory > > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't > stat > > /var/log/lastlog: No such file or directory > > > > > > client logs: > > > > ssh customuser@10.220.167.184 > > Username: admin > > Permission denied, please try again. > > Permission denied, please try again. > > Permission denied (publickey,password). > > Connection to 10.220.167.184 closed. > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev@xxxxxxxxxxx > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev