How to detect if a user has logged in via SSH and reject connection if not on HP UX

A number of local UNIX accounts on our HP UX v B.11.31 server are not permitted to connect via Telnet.

I have added the following into the user's .profile file:

# Check is SSH Session and end if not
if [[ -z "$SSH_CLIENT" ]]
then
	tput cup 22 1
	tput ed
	print "\033[33;7mThis use is only permitted to connect via SSH.\033[0m"
	sleep 5
	exit
fi

But upon logon get the error:-

{HOME:-.}/.profile[31]: SSH_CLIENT: parameter not set


Any help much appreciated.
Terry Rogers, IT Senior Engineer, Asked:

David Favor, Linux/LXD/WordPress/Hosting Savant, Commented:
You'll have to somehow arrange to set $SSH_CLIENT.

Based on docs, this should be set by sshd when connection is made.

So first place to look is likely /etc/ssh/sshd_config, specifically at directives relating to environment processing.

I just checked on a machine I use to host client sites. My /etc/ssh/sshd_config is fairly standard. $SSH_CLIENT gets set up correctly for all sessions.

Here's one trick which may help.

Extract a copy of /etc/ssh/sshd_config from your package manager. Diff the original + your current version. Look for environment setup related changes.

Or just start over with the original + test + ensure $SSH_CLIENT setup is correct. Then start making your sshd_config changes, one by one, looking for the one that breaks $SSH_CLIENT setup.
0
David Favor, Linux/LXD/WordPress/Hosting Savant, Commented:
If you get stuck, post both your original + current sshd_config here + likely someone can decode the problem.
0
tfewster Commented:
The logic is fine - If the user logged in using telnet, SSH_CLIENT would not be set, which is what your code is testing for.

To avoid the ksh error "parameter not set", add the line
set +u
before executing the test to prevent it from complaining about the use of undeclared variables.
0
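
Two ways to make the .profile test safe when nounset (set -u) is active, as an added example that is not part of the original thread. It assumes an OpenSSH-based sshd, which exports SSH_CLIENT and SSH_CONNECTION for its sessions; the function names are hypothetical.

```shell
# Added example; runs in ksh and POSIX sh. Function names are hypothetical.

# Variant 1: ${VAR:-} expands to an empty string when VAR is unset, so the
# test never raises "parameter not set" and nounset can stay enabled.
# Returns 0 for an SSH session, 1 otherwise.
is_ssh_session() {
    [ -n "${SSH_CLIENT:-}" ] || [ -n "${SSH_CONNECTION:-}" ]
}

# Variant 2: the "set +u" approach from the answer above, but nounset is
# switched off only for the test and then restored, so the rest of
# .profile keeps whatever checking it had before.
is_ssh_session_plus_u() {
    case $- in
        *u*) _had_u=1 ;;   # nounset was on when we were called
        *)   _had_u=0 ;;
    esac
    set +u
    if [ -n "$SSH_CLIENT" ]; then _rc=0; else _rc=1; fi
    [ "$_had_u" -eq 1 ] && set -u
    return "$_rc"
}

# In .profile the call would look like this (message taken from the question):
#   if ! is_ssh_session; then
#       print "This user is only permitted to connect via SSH."
#       sleep 5
#       exit
#   fi

# Demo with constructed values, run in subshells so the caller's
# environment and shell options are left alone.
(
    set -u
    unset SSH_CLIENT SSH_CONNECTION
    if is_ssh_session; then echo "ssh"; else echo "not ssh"; fi
)
(
    set -u
    SSH_CLIENT="192.0.2.10 50022 22"   # constructed sample value
    if is_ssh_session_plus_u; then echo "ssh"; else echo "not ssh"; fi
)
```

A check in .profile only runs once the login shell has started, so the setting that actually keeps these accounts off Telnet belongs in the login service configuration; treat the profile test as a second layer.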
