you can use an external AuthorizedKeysCommand and have that command create the user on the fly.
#
# $FreeBSD: releng/11.3/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
#
# PAM configuration for the "sshd" service
#
# auth
auth optional pam_exec.so /root/add_user.sh
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so want_agent
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
#!/bin/sh
/usr/sbin/pw useradd $PAM_USER -s /usr/local/bin/bash -w none
with a null module or by making the add user a required module and returning false within the scriptI didn't get above part, what is returning false here?
Under what credentials and what home do you envision thus to be?
What are you trying to do/setup an effective backdoirc into the system?