[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-unix-dev
Subject: Re:
From: Sudarshan Soma <sudarshan12s () gmail ! com>
Date: 2017-01-31 5:09:27
Message-ID: CAHJvL=Zu93+E1NG5-VHkWs2Jfd-P5tf-SWcC+3riNw0x-8UDsw () mail ! gmail ! com
[Download RAW message or body]
Thanks for suggestion. the customer firewall settings doesnt allow access
to 1023, hence i was doing it from inside. So external access to port 1023
is dropped, but from loopback(inside), it would be allowed. please share
your thoughts/comments.
On Tue, Jan 31, 2017 at 10:19 AM, Nico Kadel-Garcia <nkadel@gmail.com>
wrote:
> On Mon, Jan 30, 2017 at 1:02 PM, Sudarshan Soma <sudarshan12s@gmail.com>
> wrote:
> > Hi,
> > I am trying to give access to sshd port 22 to connect to different port
> > 1023 by differentiating with special user, customuser. Following is how i
> > tried, but it doesnt work, please suggest.
>
> The easiest way to do this is, typically, to run a *separate* sshd on
> port 1023 with the characterists set to allow *only* that alternative
> user access. Take a look at setting up another daemon with another
> "sshd_config" file to do this. That way, you can leave your internal
> default SSH the heck alone and block it at your firewalls as
> appropriate.
>
> >
> > outside, user issues command
> > ssh customuser@ip, it fails
> >
> >
> > inside sshd_config, i wrote the following:
> >
> >
> > Match user customuser
> > ForceCommand . /etc/myscript
> >
> > inside myscript, I do the following:
> > read -p "Username: " RUSER
> > ssh $RUSER@127.0.0.1 -p 1023
> >
> >
> >
> > with this setting, i find these:
> >
> > If i run sshd in debug mode, password is asked in the server window,
> prints
> > go to client window:
> >
> > server terminal:
> > sshd -d -f /etc/ssh/sshd_config -h /etc/ssh/ssh_key
> >
> > Starting session: forced-command (config) '. /etc/myscript' on pts/3 for
> > customuser from 10.102.12.12 port 41622
> > admin@127.0.0.1's password:
> >
> >
> > client terminal:
> > ssh customuser@10.220.167.18
> > Username: admin
> >
> >
> > If i run sshd in non interactive mode:
> > it doesnt ask for password at all
> >
> > server logs:
> >
> > Jan 30 17:22:18 Linux auth.info sshd[5229]: WARNING:
> /usr/local/etc/moduli
> > does not exist, using fixed modulus
> > Jan 30 17:22:18 Linux auth.err sshd[5229]: error: Could not get shadow
> > information for customuser
> > Jan 30 17:22:18 Linux auth.info sshd[5229]: Accepted none for customuser
> > from 10.220.82.17 port 41645 ssh2
> > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't
> stat
> > /var/log/lastlog: No such file or directory
> > Jan 30 17:22:18 Linux auth.info sshd[5230]: lastlog_openseek: Couldn't
> stat
> > /var/log/lastlog: No such file or directory
> >
> >
> > client logs:
> >
> > ssh customuser@10.220.167.184
> > Username: admin
> > Permission denied, please try again.
> > Permission denied, please try again.
> > Permission denied (publickey,password).
> > Connection to 10.220.167.184 closed.
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev@mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic