John Olsson M
2012-Dec-17 11:13 UTC
How to control which command is executed with "plain ssh" from remote machine?
Hi!

Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login?

We have naïvely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client?

/John

--
John Olsson
Ericsson AB
BSC/BSS System Management
--------------------------------------------------
Tel: +46 (0)10 7114 666
Mobile: +46 (0)730 43 53 44
--------------------------------------------------

Iain Morgan
2012-Dec-17 18:18 UTC
How to control which command is executed with "plain ssh" from remote machine?
On Mon, Dec 17, 2012 at 05:13:19 -0600, John Olsson M wrote:
> Hi!
>
> Is it possible to override in OpenSSH so that the shell specified in the /etc/passwd (or what comes from the LDAP server) is not executed at login?
>
> We have naïvely tried to specify this with subsystem but found out that by default the ssh client does not specify any subsystem. So how to override something that is unset from the client?
>
> /John

OpenSSH does not provide the ability to override the user's shell. At times, I have contemplated submitting a patch to implement a ForceShell option that would do this, but I haven't gotten around to writing any code yet. I hope to take a look at this in the near future.

Since you mentioned LDAP, the client software which you are using may provide the ability to override the user's shell. For example, nslcd and recent versions of sssd can do this. However, they may not have the flexibility that you are looking for.

--
Iain Morgan

Peter Stuge
2012-Dec-17 23:10 UTC
How to control which command is executed with "plain ssh" from remote machine?
Hej John,

John Olsson M wrote:
> found out that by default the ssh client does not specify any
> subsystem.

Please, *please*, read the SSH protocol RFCs, they are a very quick read and they are an *excellent* way to learn the protocol.

Please, *please*, stop wasting time making guesses about things which are really well documented.

http://tools.ietf.org/html/rfc4250 SSH Protocol Assigned Numbers
http://tools.ietf.org/html/rfc4251 SSH Protocol Architecture
http://tools.ietf.org/html/rfc4252 SSH Authentication Protocol
http://tools.ietf.org/html/rfc4253 SSH Transport Layer Protocol
http://tools.ietf.org/html/rfc4254 SSH Connection Protocol
http://tools.ietf.org/html/rfc4256 Generic Message Exchange for SSH Authentication AKA keyboard-interactive

//Peter
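
Added example, not part of the thread: a minimal Python encoder/parser for the SSH_MSG_CHANNEL_REQUEST message from RFC 4254, showing the three session requests ("shell", "exec", "subsystem") that the question turns on. The payloads are constructed here rather than captured from a real connection, and the function names are illustrative.

```python
import struct

SSH_MSG_CHANNEL_REQUEST = 98  # message number assigned in RFC 4250


def ssh_string(value):
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(value)) + value


def build_request(channel, req_type, arg=None):
    """Build the payload a client sends to start a session program."""
    msg = bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", channel)
    msg += ssh_string(req_type.encode()) + b"\x01"  # want reply = TRUE
    if arg is not None:  # "shell" carries no type-specific data
        msg += ssh_string(arg.encode())
    return msg


def read_string(buf, off):
    """Decode one SSH string at off; reject truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_request(payload):
    """Return channel, request type, want-reply flag and argument."""
    if len(payload) < 6 or payload[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not an SSH_MSG_CHANNEL_REQUEST payload")
    (channel,) = struct.unpack_from(">I", payload, 1)
    raw_type, off = read_string(payload, 5)
    if off >= len(payload):
        raise ValueError("missing want-reply byte")
    req = {"channel": channel, "type": raw_type.decode(),
           "want_reply": payload[off] != 0, "arg": None}
    if req["type"] in ("exec", "subsystem"):  # both carry one string
        arg, _ = read_string(payload, off + 1)
        req["arg"] = arg.decode()
    return req


# Constructed payloads for three common OpenSSH client invocations.
SAMPLES = {
    "ssh host": build_request(0, "shell"),
    "ssh host uptime": build_request(0, "exec", "uptime"),
    "ssh -s host sftp": build_request(0, "subsystem", "sftp"),
}
```

A plain `ssh host` produces a "shell" request with no argument, so a server-side `Subsystem` entry is never consulted for it; only a "subsystem" request names one.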