cobalt-serve
03-29-2003, 05:11 PM
I want to change the message that is displayed when a user tries to log in to telnet or ssh
and does not have shell access on their account.
At the moment it says this account is currently not available.
How can I change this message?
Woofcat
03-29-2003, 06:38 PM
Create a program that prints the message you want and exits, and set the user's shell to this?
cobalt-serve
03-29-2003, 06:41 PM
What. If you don't know the answer then please don't post.
Your answer is not of any help.
Woofcat
03-29-2003, 07:02 PM
Why ask the question if the correct and only answer is not of any help to you?
calvin
03-29-2003, 07:15 PM
I agree with woofcat's answer and would do it the same way he described. When the no-shell-access user logs on, they execute a shell script that has just 2 lines:
echo 'This account is currently not available.'
exit 1
Specifically for SSH (I'm not sure about OpenSSH) you can create an sftp chroot jail for the user so that the user only has sftp access and not shell access. And when they get sftp access, they only have access to the files in their home directory. They can't go gallivanting all over the file system. I'm assuming that's what you're asking since this is a web hosting forum and if you're webhosting you want your users to connect by ftp but not give shell access.
Here's how:
Step 1. Edit the /etc/ssh2/sshd2_config file and set either of the following lines:
ChRootUsers user1, user2, ....
ChRootGroups group1, group2, ...
For my setup, I only use the ChRootGroups and I make all users that don't have shell access be members of that group.
Step 2. Like other people have mentioned before, you have to create a shell that prints a message and exits. Once you have that you set the user's entry in /etc/passwd to use that shell.
Fortunately, SSH already has this shell for you. It is ssh-dummy-shell. It should be in the same directory as your ssh binary. Just copy it into the /bin directory.
Set the user's shell, in /etc/passwd, that you want to be restricted to use: /bin/ssh-dummy-shell
Step 3. For each user that you want to have sftp access but not ssh access, you must run the following command:
ssh-chrootmgr <user_name>
This installs the necessary binaries needed for a chroot sftp jail.
Step 4. Now edit the file /etc/ssh2/ssh_dummy_shell.out to contain the message that you want the user to see when they try to log in using SSH (or telnet).
Personally, I would not allow telnet or ftp. They both send everything clear text and are not secure. SSH (SFTP) clients are free and easily obtained and shouldn't be a problem for end users to switch to. (Just my two cents worth)
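Added example, not part of the thread or written by any poster: after setting the shell field as described in steps 2 and 3 above, a check like this confirms that every account meant to be shell-less really points at the message-only shell. The user names and the sample passwd contents are constructed; /bin/ssh-dummy-shell is the path given in the post above.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that accounts meant to have no
# shell access really point at the message-only shell in a passwd-format file.

# audit_shells PASSWD_FILE EXPECTED_SHELL USER...
# Prints one line per problem; returns 0 if every user is restricted, else 1.
audit_shells() {
    passwd_file=$1
    expected=$2
    shift 2
    rc=0
    for user in "$@"; do
        # Field 1 is the login name; match it exactly, not as a prefix.
        entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
        if [ -z "$entry" ]; then
            echo "$user: no passwd entry"
            rc=1
            continue
        fi
        # The login shell is the seventh and last field.
        shell=${entry##*:}
        if [ -z "$shell" ]; then
            # An empty shell field means the system default shell is used.
            echo "$user: empty shell field (defaults to /bin/sh)"
            rc=1
        elif [ "$shell" != "$expected" ]; then
            echo "$user: shell is $shell, expected $expected"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample data; the user names and paths are made up for the demo.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/ssh-dummy-shell
bob:x:1002:1001:Bob:/home/bob:/bin/bash
carol:x:1003:1001:Carol:/home/carol:
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
audit_shells "$sample" /bin/ssh-dummy-shell alice bob carol dave || echo "fix the entries listed above"
rm -f "$sample"
```

On a real host, pass /etc/passwd as the first argument and list the accounts that should be restricted.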