Link to home
Start Free TrialLog in
Avatar of Terry Rogers
Terry RogersFlag for United Kingdom of Great Britain and Northern Ireland

asked on

How to detect if a user has logged in via SSH and reject connection if not on HP UX

A number of local UNIX accounts on our HP UX v B.11.31 server are not permitted to connect via Telnet.

I have added the following into the users .profile file:-

# Check is SSH Session and end if not
if [[ -z "$SSH_CLIENT" ]]
then
	tput cup 22 1
	tput ed
	print "\033[33;7mThis use is only permitted to connect via SSH.\033[0m"
	sleep 5
	exit
fi

Open in new window


But upon logon get the error:-

{HOME:-.}/.profile[31]: SSH_CLIENT: parameter not set

Open in new window


Any help much appreciated.
Avatar of David Favor
David Favor
Flag of United States of America image

You'll have to somehow arrange to set $SSH_CLIENT.

Based on docs, this should be set by sshd when connection is made.

So first place to look is likely /etc/ssh/sshd_config, specifically at directives relating to environment processing.

I just checked on a machine I use to host client sites. My /etc/ssh/sshd_config is fairly standard. $SSH_CLIENT gets setup correctly for all sessions.

Here's one trick which may help.

Extract a copy of /etc/ssh/sshd_config from your package manager. Diff the original + your current version. Look for environment setup related changes.

Of just start over with the original + test + ensure $SSH_CLIENT setup is correct. Then start making your sshd_config changes, one by one, looking for the one that breaks $SSH_CLIENT setup.
If you get stuck, post both your original + current sshd_config here + likely someone can decode the problem.
ASKER CERTIFIED SOLUTION
Avatar of tfewster
tfewster
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial