RE: SSH Gateway

Evan,

I guess you're running your script from the user's .profile, .login or .cshrc? If instead you make your script the user's default shell in
/etc/passwd, then if the user breaks the second ssh connection it will
just log the user off the gateway system. To be clean your script should be something like:-

#!/bin/sh
ssh .......
exit 0

On some UNIX systems you may need to add your shell script to
/etc/shells in order for 'login' to recognise it as a valid default
login shell. Look at the man page for 'login' as this config file is sometimes known by a different name on some systems.

Regards

Chris Macneill

-----Original Message-----
From: evan@bcaresearch.com [mailto:evan@bcaresearch.com] Sent: 12 November 2002 17:46
To: secureshell@securityfocus.com
Subject: SSH Gateway

Is there a way that I can automatically forward certain ssh user connection to another ssh box without giving the users access to the gateway machine?
Any ideas would be welcome.
As it stands now I am currently running a script when they log on that automatically connects then to the next box. The problem being that they can simply break the ssh connection and get shell access. Evan Xinos
System Support Analyst Received on Sun Nov 17 07:41:39 2002

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek