Thanks so much. I am checking it.

Best Regards,

On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti at staff.uni-marburg.de> wrote:
>
> > On 08.07.2017 at 18:41, Sudarshan Soma <sudarshan12s at gmail.com> wrote:
> >
> > Hi,
> > I have the following requirement.
> > other than following users, any other user sshd connection should be
> > redirected to 2024 instead of port 22.
> > root, ftp, guest
> >
> > So
> > ssh root@ip // should be sent to sshd running at port 22
> > ssh otheruser@ip // should be sent to sshd running at port 2024
> >
> > I know that we can do something like this:
> >
> > ssh -o ProxyCommand='ssh -W localhost:2024 cliuser@ip' otheruser@ip
> >
> > will take to otheruser login to port 2024 after sshd_config settings
> >
> > Match user cliuser
> > MaxSessions 0
> > PermitOpen localhost:2024
> >
> > This requires long command at the client side. Can this be made simple like
> >
> > ssh otheruser@ip automatically goes to port 2024 after I make some
> > redirection at sshd_config
>
> It could be implemented on the client side:
>
> - one global ssh_config which is defined to use port 2024 (always)
> - three custom ssh_config files for the three users in question to use
>   port 22
>
> -- Reuti

Hi, can we avoid client side changes.

Can we change sshd_config to something like:
except Linux users, redirect the rest of the users to use port 2024. Now the
rest of the users are not Linux users and are dynamically created. Hence
their entries can't be there in /etc/passwd or sshd_config AllowUsers. Please
suggest if there is a better way. (Using PAM would be a major change for
us, so it doesn't work.)

Match user !root,!guest
ForceCommand . /etc/redirect2024

cat /etc/redirect2024
read user
ForceCommand ssh -A -p 2024 $user@localhost

Regards,
Sudarshan

On Tue, Jul 18, 2017 at 11:18 PM, Sudarshan Soma <sudarshan12s at gmail.com> wrote:
> Thanks so much. I am checking it.
>
> Best Regards,

Hi, can someone please respond on this approach? It is not working, as sshd
expects users to be present in allowedusers, etc. As we can have RADIUS users
who are authenticated by our application, we want sshd to give that
validation to our module.

Match user !root,!guest
ForceCommand . /etc/redirect2024

cat /etc/redirect2024
read user
ForceCommand ssh -A -p 2024 $user@localhost

If I have to modify the OpenSSH sshd code to something like this:

If $user is not linux user
ssh $user@localhost -p 2024

Can you please suggest which functions, or from where, I should start working
towards this direction in the OpenSSH sshd source code?

Thanks a lot

On Thu, Jul 27, 2017 at 11:26 PM, Sudarshan Soma <sudarshan12s at gmail.com> wrote:
> Hi, can we avoid client side changes.
>
> Can we change sshd_config to something like:
> except Linux users, redirect the rest of the users to use port 2024. Now the
> rest of the users are not Linux users and are dynamically created. Hence
> their entries can't be there in /etc/passwd or sshd_config AllowUsers. Please
> suggest if there is a better way. (Using PAM would be a major change for
> us, so it doesn't work.)
>
> Match user !root,!guest
> ForceCommand . /etc/redirect2024
>
> cat /etc/redirect2024
> read user
> ForceCommand ssh -A -p 2024 $user@localhost
>
> Regards,
> Sudarshan
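
Added example (not from the thread and not OpenSSH's own code): a small Python model of the pattern-list rule documented under PATTERNS in ssh_config(5), applied to the `Match user !root,!guest` line quoted above. The function names and the sample user `radius_alice` are assumptions made for illustration; it shows that a list of only negated entries selects nobody, and that leaving `ftp` out of the exclusions would select it as well.

```python
import re


def _glob(pattern: str) -> "re.Pattern[str]":
    """Translate an OpenSSH wildcard pattern ('*' and '?') into a regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def match_pattern_list(value: str, pattern_list: str) -> bool:
    """Model of the ssh_config(5) PATTERNS rule: a negated entry that
    matches vetoes the whole list, and a list made only of negated
    entries never produces a positive match."""
    got_positive = False
    for entry in pattern_list.split(","):
        if not entry:
            continue
        negated = entry.startswith("!")
        if negated:
            entry = entry[1:]
        if _glob(entry).fullmatch(value):  # user names are case-sensitive
            if negated:
                return False
            got_positive = True
    return got_positive


# Constructed sample logins: the three system accounts named in the thread
# plus one hypothetical dynamically created user.
SAMPLE_USERS = ["root", "ftp", "guest", "radius_alice"]


def redirected(pattern_list: str, users=SAMPLE_USERS) -> list:
    """Users for whom 'Match User <pattern_list>' would apply."""
    return [u for u in users if match_pattern_list(u, pattern_list)]


if __name__ == "__main__":
    for pl in ("!root,!guest", "*,!root,!guest", "*,!root,!ftp,!guest"):
        print(f"Match User {pl:<22} -> {redirected(pl)}")
```

sshd applies ForceCommand only to sessions that have already authenticated, so correcting the pattern does not by itself admit accounts that sshd cannot resolve.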