
Re: consent to monitoring banner for ssh



> On Wed, 5 Dec 2007, Bill Tangren wrote:
>
>>
>>> On Wed, 5 Dec 2007, Bill Tangren wrote:
>>>
>>>>
>>>>> Well, you *could* do the "acceptance by logging in" thing... or you can
>>>>> force them to type [yes|no].  Here's how I accomplish that.
>>>>
>>>> Firstly, thanks for the help.
>>>>
>>>> I've done this on a test platform, and I end up with a dialog box when I
>>>> log into the GUI, but hitting the cancel button still lets me in.
>>>>
>>>> I DO NOT get a prompt when I ssh, nor do I get one from the text console
>>>> or tty consoles (ctl+F1 through ctl+F6).
>>>>
>>>> Any ideas on implementing this in those circumstances?
>>>>
>>>
>>> Have you tried implementing this by replacing the user's shell (in
>>> /etc/passwd or equivalent) with your own wrapper script?
>>
>> Hmmm...replace bash (or leave bash alone and replace the login shell in
>> /etc/passwd) with a script that calls bash if they say OK? No, I hadn't
>> thought of that. I'll try it on my test platform, and report back. It will
>> be interesting to see how Windows programs like putty and winscp handle it.
>>
>
> We did a somewhat-similar task at a place where I used to work.  We set
> everyone's login shell to a locally-written perl script.  That perl script
> did things such as ensure that the user had permission to log in to the
> system (checking against user database), check the user's quota, print out
> a blurb, then exec( )'d tcsh. It needed some interrupt handling, though, to
> fit what you want to do.  I don't have the code anymore, but this might
> give you an idea of what direction to go.  (Would you need to record
> user's answers to your question in a database for future reference?  This
> might give you that ability.)
>
> This worked with all of the SSH clients we had around (OpenSSH, Tectia,
> TeraTerm, maybe PuTTY).
>
> Carl
>

Thanks, Carl. I'm no perl programmer, but perhaps I can charm a perl
programmer here at work to cook up the rudiments for me, and I can add the
finishing touches. And no, I don't think I need to keep a log. Just don't
say that too loud. Those who cooked up this idea don't need any new bright
ideas...


-- 
Bill Tangren
U.S. Naval Observatory

Ad eundum quo nemo ante iit
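
The wrapper-shell approach discussed in this thread, as an added example in POSIX sh that is not code from any of the posters. The installed name `consent-shell`, the banner path `/etc/issue.net`, the real shell `/bin/bash` and the policy of refusing non-interactive sessions are assumptions.

```shell
#!/bin/sh
# Added example: consent-banner login shell wrapper. The name consent-shell,
# the paths below and the refusal policy are assumptions, not from the thread.
REAL_SHELL=${REAL_SHELL:-/bin/bash}
BANNER=${BANNER:-/etc/issue.net}

# Return 0 only for an explicit yes; anything else counts as refusal.
consented() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        y|yes) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print the banner, read one line from stdin; EOF (dropped link) is refusal.
ask_consent() {
    if [ -r "$BANNER" ]; then cat "$BANNER"; fi
    printf 'Do you consent to monitoring? [yes|no] '
    IFS= read -r answer || return 1
    consented "$answer"
}

main() {
    # scp and "ssh host command" reach the login shell as "-c <command>"
    # with no terminal. A prompt there would corrupt the protocol stream, so
    # this policy refuses them instead of letting them skip the banner.
    if [ "$1" = "-c" ] || [ ! -t 0 ]; then
        echo 'Interactive consent required; session refused.' >&2
        exit 1
    fi
    # Interrupts must end the session, never fall through to the real shell.
    trap 'exit 1' INT QUIT HUP TERM
    trap '' TSTP
    if ! ask_consent; then
        echo 'Consent not given; disconnecting.'
        exit 1
    fi
    trap - INT QUIT HUP TERM TSTP
    exec "$REAL_SHELL" -l
}

# Run only under the installed name; login(1) and sshd pass "-consent-shell".
case ${0##*/} in
    consent-shell|-consent-shell) main "$@" ;;
esac
```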


