Using 'ForceCommand' Option

Lesley Kimmel lesley.j.kimmel at gmail.com
Thu Feb 18 09:47:27 AEDT 2016


So I probably shouldn't have said "arbitrary" script. What I really want to
do is to present a terms of service notice (/etc/issue). But I also want to
get the user to actually confirm (by typing 'y') that they accept. If they
try to exit or type anything other than 'y' they will be denied access. I'm
not sure a user can interact with a script being executed by PAM. Also, I
want to differentiate for SCP. It looks like OpenSSH will pass
SSH_ORIGINAL_COMMAND variable to the script so I can use that in the script
logic and not enforce input for SCP and/or SFTP. So it would seem to be
what I want. I found an example on the interwebs with something similar and
I built my script similarly but I can't seem to get any output. I guess I
was looking for help deciphering that DEBUG output.

On Wed, Feb 17, 2016 at 3:50 PM, Lesley Kimmel <lesley.j.kimmel at gmail.com>
wrote:

> Gert,
>
> Thank you for the feedback. Can you give any further direction on where to
> get more information on what you are describing?
>
> On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote:
>
>> Hi,
>>
>> On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:
>> > I would like to implement an arbitrary script to be executed when
>> logging
>> > on via SSH.
>>
>> I'd just do this in the PAM session handler.
>>
>> ForceCommand means "run this command *and then exit*", so this is not
>> what you want.
>>
>> gert
>>
>>
>> --
>> USENET is *not* the non-clickable part of WWW!
>>                                                            //
>> www.muc.de/~gert/
>> Gert Doering - Munich, Germany
>> gert at greenie.muc.de
>> fax: +49-89-35655025
>> gert at net.informatik.tu-muenchen.de
>>
>
>


More information about the openssh-unix-dev mailing list