consent to monitoring banner for ssh

mups.cp mups.cp at gmail.com
Tue Dec 4 22:03:01 UTC 2007 

Carl,

You don't need set the everyone's login shell, you could use
/etc/ssh/sshrc and put your code or your a call to it in it.


On Dec 4, 2007 7:41 PM, Carl G. Riches <cgr at u.washington.edu> wrote:
> On Tue, 4 Dec 2007, Bill Tangren wrote:
>
> > A new policy has been implemented here at work. The old policy stated
> > that, when someone logs in to a system via ssh, I had to display a consent
> > to monitor banner, which is easy to implement.
> >
> > The new policy, however, requires that the user has to somehow signify
> > that they have read and will abide by the policy. In essence, I have to
> > get a yes or no input from the user, possibly just after they log on, and
> > if they say no, log them off. If they say yes, they get to proceed.
> >
> > My question: what is the best way to implement this? I have to make sure
> > the user cannot remove this functionality for future logins, so I can't
> > put it in any of their login scripts. This is easy to implement for GUI
> > logins, but I don't know the best way to proceed for ssh. Any ideas?
> >
>
> We did a somewhat-similar task at a place where I used to work.  We set
> everyone's login shell to a locally-written perl script.  That perl script
> did things such as ensure that the user had permission to log in to the
> system, check the user's quota, print out a blurb, then exec( )'d tcsh.
> It needed some interupt handling, though, to fit what you want to do.  I
> don't have the code anymore, but this might give you an idea of what
> direction to go.  (Would you need to record user's answers to your
> question in a database for future reference?  This might give you that
> ability.)
>
> HTH,
> Carl
>
> --
> Carl G. Riches
> Software Engineer
> Department of Biostatistics
> Box 357232                      voice:     206-616-2725
> University of Washington        fax:       206-543-3286
> Seattle, WA  98195-7232         internet:  cgr at u.washington.edu
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list