We help IT Professionals succeed at work.

How to detect if a user has logged in via SSH and reject connection if not on HP UX

Terry Rogers
Terry Rogers asked
A number of local UNIX accounts on our HP UX v B.11.31 server are not permitted to connect via Telnet.

I have added the following into the users .profile file:-

# Check is SSH Session and end if not
if [[ -z "$SSH_CLIENT" ]]
	tput cup 22 1
	tput ed
	print "\033[33;7mThis use is only permitted to connect via SSH.\033[0m"
	sleep 5

Open in new window

But upon logon get the error:-

{HOME:-.}/.profile[31]: SSH_CLIENT: parameter not set

Open in new window

Any help much appreciated.
Watch Question

David FavorFractional CTO
Distinguished Expert 2018

You'll have to somehow arrange to set $SSH_CLIENT.

Based on docs, this should be set by sshd when connection is made.

So first place to look is likely /etc/ssh/sshd_config, specifically at directives relating to environment processing.

I just checked on a machine I use to host client sites. My /etc/ssh/sshd_config is fairly standard. $SSH_CLIENT gets setup correctly for all sessions.

Here's one trick which may help.

Extract a copy of /etc/ssh/sshd_config from your package manager. Diff the original + your current version. Look for environment setup related changes.

Of just start over with the original + test + ensure $SSH_CLIENT setup is correct. Then start making your sshd_config changes, one by one, looking for the one that breaks $SSH_CLIENT setup.
David FavorFractional CTO
Distinguished Expert 2018

If you get stuck, post both your original + current sshd_config here + likely someone can decode the problem.
The logic is fine - If the user logged in using telnet, SSH_CLIENT would not be set, which is what your code is testing for.

To avoid the ksh error "parameter not set", add the line
set +u
before executing the test to prevent it from complaining about the use of undeclared variables.