How to control which command is executed with "plain ssh" from remote machine?

Iain Morgan imorgan at
Tue Dec 18 05:18:23 EST 2012

On Mon, Dec 17, 2012 at 05:13:19 -0600, John Olsson M wrote:
> Hi!
> Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login?
> We have naïvely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client?
> /John

OpenSSH does not provide the ability to override the user's shell. At
times, I have contemplated submitting a patch to implement a ForceShell
option that would do this, but I haven't gotten around to writing any
code yet. I hope to take a look at this in the near future.

Since you mentioned LDAP, the client software which you are using may
provide the ability to override the user's shell. For example, nslcd and
recent versions of sssd can do this. However, they may not have the
flexibility that you are looking for.

Iain Morgan

More information about the openssh-unix-dev mailing list