consent to monitoring banner for ssh
Bill Tangren
bjt at usno.navy.mil
Thu Dec 6 00:50:54 UTC 2007
> On Wed, 5 Dec 2007, Bill Tangren wrote:
>
>>
>>> On Wed, 5 Dec 2007, Bill Tangren wrote:
>>>
>>>>
>>>>> Well, you *could* do the "acceptance by logging in" thing... or you
>>>>> can
>>>>> force them to type [yes|no]. Here's how I accomplish that.
>>>>
>>>> Firstly, thanks for the help.
>>>>
>>>> I've done this on a test platform, and I end up with a dialog box when
>>>> I
>>>> log into the GUI, but hitting the cancel button still lets me in.
>>>>
>>>> I DO NOT get a prompt when I ssh, nor do I get one from the text
>>>> console
>>>> or tty consoles (ctl+F1 through ctl+F6).
>>>>
>>>> Any ideas on implement this in those circumstances?
>>>>
>>>
>>> Have you tried implementing this by replacing the user's shell (in
>>> /etc/passwd or equivalent) with your own wrapper script?
>>
>> Hmmm...replace bash (or leave bash alone and replace the login shell in
>> /etc/passwd) with a script that calls bash if they say OK? No, I hadn't
>> thought of that. I'll try it on my test platform, and report back. It
>> will
>> be interesting to see how Windows programs like putty and winscp handle
>> it.
>>
>
> We did a somewhat-similar task at a place where I used to work. We set
> everyone's login shell to a locally-written perl script. That perl script
> did things such as ensure that the user had permission to log in to the
> system (checking against user database), check the user's quota, print out
> a blurb, then exec( )'d tcsh. It needed some interupt handling, though, to
> fit what you want to do. I don't have the code anymore, but this might
> give you an idea of what direction to go. (Would you need to record
> user's answers to your question in a database for future reference? This
> might give you that ability.)
>
> This worked with all of the SSH clients we had around (OpenSSH, Tectia,
> TeraTerm, maybe PuTTY).
>
> Carl
>
Thanks, Carl. I'm no perl programmer, but perhaps I can charm a perl
programmer here at work to cook up the rudiments for me, and I can add the
finishing touches. And no, I don't think I need to keep a log. Just don't
say that too loud. Those who cooked up this idea don't need any new bright
ideas...
--
Bill Tangren
U.S. Naval Observatory
Ad eundum quo nemo ante iit
More information about the redhat-list
mailing list