Hosting Provided By

Re: consent to monitoring banner for ssh

From: Carl G. Riches <cgr(at)u.washington.edu>
Date: Wed Dec 05 2007 - 19:32:27 EST

On Wed, 5 Dec 2007, Bill Tangren wrote:

>
>> On Wed, 5 Dec 2007, Bill Tangren wrote:
>>
>>>
>>>> Well, you *could* do the "acceptance by logging in" thing... or you can
>>>> force them to type [yes|no]. Here's how I accomplish that.
>>>
>>> Firstly, thanks for the help.
>>>
>>> I've done this on a test platform, and I end up with a dialog box when I
>>> log into the GUI, but hitting the cancel button still lets me in.
>>>
>>> I DO NOT get a prompt when I ssh, nor do I get one from the text console
>>> or tty consoles (ctl+F1 through ctl+F6).
>>>
>>> Any ideas on implement this in those circumstances?
>>>
>>
>> Have you tried implementing this by replacing the user's shell (in
>> /etc/passwd or equivalent) with your own wrapper script?
>
> Hmmm...replace bash (or leave bash alone and replace the login shell in
> /etc/passwd) with a script that calls bash if they say OK? No, I hadn't
> thought of that. I'll try it on my test platform, and report back. It will
> be interesting to see how Windows programs like putty and winscp handle
> it.
>

We did a somewhat-similar task at a place where I used to work. We set everyone's login shell to a locally-written perl script. That perl script did things such as ensure that the user had permission to log in to the system (checking against user database), check the user's quota, print out a blurb, then exec( )'d tcsh. It needed some interupt handling, though, to fit what you want to do. I don't have the code anymore, but this might give you an idea of what direction to go. (Would you need to record user's answers to your question in a database for future reference? This might give you that ability.)

This worked with all of the SSH clients we had around (OpenSSH, Tectia, TeraTerm, maybe PuTTY).

Carl

-- 
Carl G. Riches
Software Engineer
Department of Biostatistics
Box 357232                      voice:     206-616-2725
University of Washington        fax:       206-543-3286
Seattle, WA  98195-7232         internet:  cgr@u.washington.edu

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Received on Wed Dec 5 19:33:03 2007

This message: [ Message body ]
Next message: Bill Tangren: "Re: consent to monitoring banner for ssh"
Previous message: Gary Waters: "Cannot create files/directories that have numeric only names"
In reply to: Bill Tangren: "Re: consent to monitoring banner for ssh"
Next in thread: Bill Tangren: "Re: consent to monitoring banner for ssh"
Reply: Bill Tangren: "Re: consent to monitoring banner for ssh"
Reply: mark: "Re: consent to monitoring banner for ssh"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Fri May 30 2008 - 14:26:49 EDT