Re: Execute and lock a user into a program upon login



On Fri, 13 Mar 2009 21:12:07 -0400, Steve Bertrand <steve@xxxxxxxxxx> wrote:
Steve Bertrand wrote:
Hi everyone,

Although the application of my question focuses on network operation, I
believe that the objective fits this list.

Mostly irrelevant, I have been working on securing my network perimeter.
I have a FreeBSD box that acts as a host-based BGP peer to all edge
connected routers.

I use this host-based Quagga FBSD router to distribute routes that are
to be blackholed by the edge devices.

What I want is to set up an environment so that when a specific user
logs in to the box via SSH, a command is run, and they immediately get
dropped into the environment that the command produces.

When they exit this 'command', the login session is dropped.

Essentially, I want to 'lock' a user into a program upon SSH login, and
drop them from the SSH session when the program terminates.

In essence:

- user 'router' connects via SSH
- user is dropped into the application 'vtysh'
- user performs operations
- user exits from program
- shell drops (ie. user does not have to exit the csh shell to drop the
SSH connection)

I probably should have explicitly stated that I'd like help as to how I
would go about doing what I want to do, instead of simply stating my
goals ;)

If the user's shell is csh (FreeBSD's standard dialog shell), you
could achieve the goal:

~/.login
vtysh
logout

Only problem: I don't know how the shell will act when the user
terminates the vtysh application (^C)...

Idea: When the application vtysh is terminated, the next command
in the .login file will be executed, which is the logout command
that will cause the login shell to exit. This will close the SSH
connection as well.

(I haven't checked this, sorry.)


--
Polytropon
From Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
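
An alternative way to enforce the lock discussed in this thread, as an added example that is not part of any poster's message: OpenSSH's `ForceCommand` inside a `Match User` block makes sshd start the program itself instead of relying on the account's shell startup files. The sample configuration is constructed, the path `/usr/local/bin/vtysh` is an assumption, and `check_locked` is a hypothetical helper that only understands a plain `Match User <name>` line (no patterns, no combined criteria).

```shell
#!/bin/sh
# Added example: audit sshd_config text for an account locked into one program.
# Assumptions: account "router" (from the thread), vtysh installed at
# /usr/local/bin/vtysh (assumed path), config shown below is constructed.

# Constructed sample sshd_config with the locked-down block for "router".
sample_config() {
cat <<'EOF'
# global section
PasswordAuthentication no

Match User router
    ForceCommand /usr/local/bin/vtysh
    AllowTcpForwarding no
    X11Forwarding no

Match User backup
    AllowTcpForwarding no
EOF
}

# check_locked USER PROGRAM
# Reads sshd_config text on stdin. Returns 0 only if the "Match User USER"
# block forces PROGRAM and turns TCP forwarding off. The first occurrence of
# a keyword inside the block is the one that counts.
check_locked() {
    awk -v user="$1" -v prog="$2" '
        { sub(/#.*/, ""); key = tolower($1) }       # drop comments, normalise keyword
        key == "match" {                            # a new Match line ends the old block
            inblock = (tolower($2) == "user" && $3 == user); next
        }
        !inblock { next }                           # ignore global and other blocks
        key == "forcecommand" && !fc++ {
            $1 = ""; sub(/^ +/, "")                 # keep only the command text
            forced = ($0 == prog)
        }
        key == "allowtcpforwarding" && !tf++ { nofwd = (tolower($2) == "no") }
        END { exit !(forced && nofwd) }
    '
}

# Stand-alone demonstration on the constructed sample.
sample_config | check_locked router /usr/local/bin/vtysh \
    && echo "router: forced into vtysh, forwarding disabled"
```

On a live system, `sshd -T -C user=router` prints the effective settings sshd would apply to that account (some OpenSSH versions also require `host=` and `addr=` in the connection spec).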


