SSH Consent Banner

Mertens, Bram mertensb at mazdaeur.com
Tue Feb 12 16:10:38 UTC 2008 

Indeed but the OPs script doesn't do this.

To do so add something like the following to the top of the script:
trap "logoutfunction" TERM INT

The logoutfunction has to be defined before this statement and could
contain the code you use for terminating people's session.

I was wondering if it is necessary to use such a rather complicated
structure to log the user out.  Isn't it possible to use exit?

Something like:

trap 'exit' TERM INT
HOSTNAME=`hostname`
   GREET=`cat /etc/issue`
   echo $GREET
   echo "Do you agree to this consent? [Y/N]"
   read answer

   case $answer in

   Y|y)
     echo "Welcome to $HOSTNAME."
     ;;

   N|n)
     echo "Goodbye."
     sleep 2
     exit
     ;;

   *)
     echo "Goodbye.  Try SSH again"
     echo "You Must enter a Y or a N "
     sleep 2
     exit
     ;;

   esac

Regards

Bram

> 


Mazda Motor Logistics Europe NV, Blaasveldstraat 162, B-2830 Willebroek
VAT BE 406.024.281, RPR Mechelen, ING  310-0092504-52, IBAN : BE64 3100 0925 0452, SWIFT : BBRUBEBB

-----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Mike Burger
> Sent: dinsdag 12 februari 2008 16:19
> To: General Red Hat Linux discussion list
> Subject: RE: SSH Consent Banner
> 
> Not if you trap the CTRL-C sequence within the script.
> 
> > Doesn't pressing CTRL+C get you out of this?  In that it stops
> > processing the script but still lets you log in.
> >
> > Regards
> >
> > Bram
> >
> >>
> >
> >
> > Mazda Motor Logistics Europe NV, Blaasveldstraat 162, 
> B-2830 Willebroek
> > VAT BE 406.024.281, RPR Mechelen, ING  310-0092504-52, IBAN 
> : BE64 3100
> > 0925 0452, SWIFT : BBRUBEBB
> >
> > -----Original Message-----
> >> From: redhat-list-bounces at redhat.com
> >> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Paul Whitney
> >> Sent: zaterdag 2 februari 2008 2:07
> >> To: General Red Hat Linux discussion list
> >> Subject: Re: SSH Consent Banner
> >>
> >> Actually, this worked for me. I created a separate script
> >> that is called
> >> within /etc/bashrc. This is what happens. It is probably
> >> considered crude,
> >> but it works for me. Please let me know if there is a flaw in
> >> this approach.
> >>
> >> Thanks.
> >>
> >> Paul
> >>
> >> HOSTNAME=`hostname`
> >>    GREET=`cat /etc/issue`
> >>    echo $GREET
> >>    echo "Do you agree to this consent? [Y/N]"
> >>    read answer
> >>
> >>    case $answer in
> >>
> >>    Y|y)
> >>      echo "Welcome to $HOSTNAME."
> >>      ;;
> >>
> >>    N|n)
> >>      echo "Goodbye."
> >>      sleep 2
> >>      PID=`ps -ef | grep ssh_test_1 | awk ' {print $3} '`
> >>      kill -9 $PID
> >>      ;;
> >>
> >>    *)
> >>      echo "Goodbye.  Try SSH again"
> >>      echo "You Must enter a Y or a N "
> >>      sleep 2
> >>      PID=`ps -ef | grep ssh_test_1 | awk ' {print $3} '`
> >>      kill -9 $PID
> >>      ;;
> >>
> >>    esac
> >>
> >>
> >>
> >> On 2/1/08 7:21 PM, "Nikolas Lam"
> >> <nlam87346 at library.usyd.edu.au> wrote:
> >>
> >> >
> >> >
> >> > On Fri, 2008-02-01 at 11:08 -0500, Paul Whitney wrote:
> >> >> Can someone tell me how to configure SSHD to present a
> >> yes/no prompt? My
> >> >> system currently is configured to present a consent
> >> banner, but it does not
> >> >> require users to agree to the consent. Any help is appreciated.
> >> >>
> >> >> Paul W.
> >> >>
> >> >>
> >> >
> >> > Not sure how to do exactly that, but you could just present
> >> something
> >> > using
> >> >
> >> >  Banner /etc/ssh_issue
> >> >
> >> > in /etc/ssh/sshd_config. This will print the contents of
> >> /etc/ssh_issue
> >> > just before putting in their passwords. In it you could
> >> say, entering
> >> > your password is agreeing to your terms and conditions.
> >> >
> >> > Once they log in, they'll also by default get the 
> system's /etc/motd
> >> >
> >> >
> >> > N.
> >> >
> >> >
> >>
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe 
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >
> > --
> > redhat-list mailing list
> > unsubscribe 
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> 
> 
> -- 
> Mike Burger
> http://www.bubbanfriends.org
> 
> Visit the Dog Pound II BBS
> telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
> 
> To be notified of updates to the web site, visit:
> 
> https://www.bubbanfriends.org/mailman/listinfo/site-update
> 
> or send a blank email message to:
> 
> site-update-subscribe at bubbanfriends.org
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

More information about the redhat-list mailing list