Hi, can someone please respond on this approach, It is not working as sshd expects users to be present in allowedusers, etc. As we can have radius users and is authenticated by our applciation, we want sshd to give that validation to our module. Match user !root,!guest ForceCommand . /etc/redirect2024 cat /etc/redirect2024 read user ForceCommand ssh -A -p 2024 $user@localhost If I have to modify openssh sshd code to some thing like this: If $user is not linux user ssh $user@localhost -p 2024 Can you please suggest, which functions or from where i start working towards this direction in the open sshd source code thanks a lot On Thu, Jul 27, 2017 at 11:26 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote: > Hi, can we avoid client side changes. > > Can we change sshd_config some thing like: > except linux users, redirect rest of the users to use port 2024. Now the > rest of the users are not linux users and are dynamically created. Hence > its entry cant be there in /etc/passwd or sshd_config Allowusers , Please > suggest if there is a better way. (using PAM would be a major change for > us , so it doesnt work) > > Match user !root,!guest > ForceCommand . /etc/redirect2024 > > > > cat /etc/redirect2024 > read user > ForceCommand ssh -A -p 2024 $user@localhost > > > Regards, > Sudarshan > > > > On Tue, Jul 18, 2017 at 11:18 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx> > wrote: > >> Thanks somuch. I am checking it. >> >> Best Regards, >> >> On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti@xxxxxxxxxxxxxxxxxxxx> >> wrote: >> >>> >>> > Am 08.07.2017 um 18:41 schrieb Sudarshan Soma <sudarshan12s@xxxxxxxxx >>> >: >>> > >>> > Hi , >>> > I have the following requirement . >>> > other than following users, any other user sshd connection should be >>> > redirected to 2024 instead of port 22. >>> > root, ftp, guest >>> > >>> > So >>> > ssh root@ip // should be sent to sshd running at port 22 >>> > ssh otheruser@ip // should be sent to sshd running at port 2024 >>> > >>> > >>> > I know that we can do something like this: >>> > >>> > ssh -o ProxyCommand='ssh -W localhost:2024 cliuser@ip' otheruser@ >>> > <secadmin@10.220.167.184>ip >>> > >>> > will take to otheruser login to port 2024 after sshd_config settings >>> > >>> > Match user cliuser >>> > >>> > MaxSessions 0 >>> > >>> > PermitOpen localhost:2024 >>> > >>> > >>> > >>> > This requires long command at the client side . Can this be made >>> simple like >>> > >>> > >>> > ssh otheruser@ip automatically goes to port 2024 after i make some >>> > redirection at sshd_config >>> >>> It could be implemented on the client side: >>> >>> - one global ssh_config wich defined to use port 2024 (always) >>> - three custom ssh_config files for the three users in question to use >>> port 22 >>> >>> -- Reuti >> >> >> > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
