No subject

Sudarshan Soma sudarshan12s at gmail.com
Tue Jan 31 15:57:27 AEDT 2017


Thanks for suggestion. the customer firewall settings doesnt allow access
to 1023, hence i was doing it from inside. So external access to port 1023
is dropped, but from loopback(inside), it would be allowed. please share
your thoughts/comments.



On Tue, Jan 31, 2017 at 10:19 AM, Nico Kadel-Garcia <nkadel at gmail.com>
wrote:

> On Mon, Jan 30, 2017 at 1:02 PM, Sudarshan Soma <sudarshan12s at gmail.com>
> wrote:
> > Hi,
> > I am trying to give access to sshd port 22 to connect to different port
> > 1023 by differentiating with special user, customuser. Following is how i
> > tried, but it doesnt work, please suggest.
>
> The easiest way to do this is, typically, to run a *separate* sshd on
> port 1023 with the characterists set to allow *only* that alternative
> user access. Take a look at setting up another daemon with another
> "sshd_config" file to do this. That way, you can leave your internal
> default SSH the heck alone and block it at your firewalls as
> appropriate.
>
> >
> > outside, user issues command
> > ssh customuser at ip, it fails
> >
> >
> > inside sshd_config, i wrote the following:
> >
> >
> > Match user customuser
> >     ForceCommand . /etc/myscript
> >
> > inside myscript, I do the following:
> > read -p "Username: " RUSER
> > ssh $RUSER at 127.0.0.1 -p 1023
> >
> >
> >
> > with  this setting, i find these:
> >
> > If i run sshd in debug mode, password is asked in the server window,
> prints
> > go to client window:
> >
> > server terminal:
> > sshd -d -f /etc/ssh/sshd_config -h /etc/ssh/ssh_key
> >
> > Starting session: forced-command (config) '. /etc/myscript' on pts/3 for
> > customuser from 10.102.12.12  port 41622
> > admin at 127.0.0.1's password:
> >
> >
> > client terminal:
> > ssh customuser at 10.220.167.18
> > Username: admin
> >
> >
> > If i run sshd in non interactive mode:
> > it doesnt ask for password at all
> >
> > server logs:
> >
> > Jan 30 17:22:18 Linux auth.info sshd[5229]: WARNING:
> /usr/local/etc/moduli
> > does not exist, using fixed modulus
> > Jan 30 17:22:18 Linux auth.err sshd[5229]: error: Could not get shadow
> > information for customuser
> > Jan 30 17:22:18 Linux auth.info sshd[5229]: Accepted none for customuser
> > from 10.220.82.17 port 41645 ssh2
> > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't
> stat
> > /var/log/lastlog: No such file or directory
> > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't
> stat
> > /var/log/lastlog: No such file or directory
> >
> >
> > client logs:
> >
> >  ssh customuser at 10.220.167.184
> > Username: admin
> > Permission denied, please try again.
> > Permission denied, please try again.
> > Permission denied (publickey,password).
> > Connection to 10.220.167.184 closed.
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>


More information about the openssh-unix-dev mailing list