How to detect if a user has logged in via SSH and reject connection if not on HP UX
A number of local UNIX accounts on our HP UX v B.11.31 server are not permitted to connect via Telnet.
I have added the following into the users .profile file:-
But upon logon get the error:-
Any help much appreciated.
I have added the following into the users .profile file:-
# Check is SSH Session and end if not
if [[ -z "$SSH_CLIENT" ]]
then
tput cup 22 1
tput ed
print "\033[33;7mThis use is only permitted to connect via SSH.\033[0m"
sleep 5
exit
fi
But upon logon get the error:-
{HOME:-.}/.profile[31]: SSH_CLIENT: parameter not set
Any help much appreciated.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You'll have to somehow arrange to set $SSH_CLIENT.
Based on docs, this should be set by sshd when connection is made.
So first place to look is likely /etc/ssh/sshd_config, specifically at directives relating to environment processing.
I just checked on a machine I use to host client sites. My /etc/ssh/sshd_config is fairly standard. $SSH_CLIENT gets setup correctly for all sessions.
Here's one trick which may help.
Extract a copy of /etc/ssh/sshd_config from your package manager. Diff the original + your current version. Look for environment setup related changes.
Of just start over with the original + test + ensure $SSH_CLIENT setup is correct. Then start making your sshd_config changes, one by one, looking for the one that breaks $SSH_CLIENT setup.
Based on docs, this should be set by sshd when connection is made.
So first place to look is likely /etc/ssh/sshd_config, specifically at directives relating to environment processing.
I just checked on a machine I use to host client sites. My /etc/ssh/sshd_config is fairly standard. $SSH_CLIENT gets setup correctly for all sessions.
Here's one trick which may help.
Extract a copy of /etc/ssh/sshd_config from your package manager. Diff the original + your current version. Look for environment setup related changes.
Of just start over with the original + test + ensure $SSH_CLIENT setup is correct. Then start making your sshd_config changes, one by one, looking for the one that breaks $SSH_CLIENT setup.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial