Re: [suse-security] Close all ssh sessions
Miguel ALBUQUERQUE wrote:
Hi,
How can one force closing an open ssh session ? I want to disconnect a user right after executing a script no waiting for a timeout. Is that possible ?
I've 3 ideas

1st)
What about to replace the login shell in /etc/passwd with the script the user can invoke. If script is done user gets logged out :O)_

youruser:x:1000:1000::/var/tmp/:/bin/yourscript

2nd)
One can invoke a script via

ssh a.ip.addr.ess "command"

so if you can disable interactive sessions in sshd it will fulfill your requirements (Dunno how to accomplish that ad hoc)

3rd)
man bash

PPID The process ID of the shell's parent. This variable is readonly.

If one invokes a script this variable should contain the PID of the underlying bash. Just kill -9 $PPID in the of the script.

Hope that helps

the polarizer http://www.codixx.de/polarizer.html

Another method is to insert the commands into the user profile (as you may require specific environment variables unless you code these into your script) using the exec command followed by an exit command.

-----Original Message-----
From: Polarizer [mailto:Polarizer@Codixx.Com]
Sent: 24 November 2005 16:13
To: suse-security@suse.com
Subject: Re: [suse-security] Close all ssh sessions

Miguel ALBUQUERQUE wrote:
Hi,
How can one force closing an open ssh session ? I want to disconnect a user right after executing a script no waiting for a timeout. Is that possible ?

I've 3 ideas

1st)
What about to replace the login shell in /etc/passwd with the script the user can invoke. If script is done user gets logged out :O)_

youruser:x:1000:1000::/var/tmp/:/bin/yourscript

2nd)
One can invoke a script via

ssh a.ip.addr.ess "command"

so if you can disable interactive sessions in sshd it will fulfill your requirements (Dunno how to accomplish that ad hoc)

3rd)
man bash

PPID The process ID of the shell's parent. This variable is readonly.

If one invokes a script this variable should contain the PID of the underlying bash. Just kill -9 $PPID in the of the script.

Hope that helps

the polarizer http://www.codixx.de/polarizer.html

Option 1 works wonderfully !
Thank you all ;-)

Miguel Albuquerque
Network Administrator
CODaLIS SA
Chemin de Trèfle-Blanc 18
1228 Plan-Les-Ouates / CH
TEL : +41 22 827 30 80
FAX : +41 22 827 30 33
http://www.codalis.ch

Hi Miguel,

I don't know if you want to do this for security, or just for easing your work. But as this is a security list, I have a little hint for you. ;-)

If the program used as login shell is a shell script, then there is nearly always the possibility to break the script and fall back to the executing shell. Think of an exception or simply an executed vi.

Remark: You can often get around exceptions using the trap command. But it's often better using a binary, doing exactly the job you want to be done.

Just my 2 ct/eur. ;-)

Dirk

--
TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Germany
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
http://www.tria.de
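
Dirk's caveat applied to option 1, as an added example that is not from any message in this thread: a login-shell wrapper that ignores keyboard signals, refuses any client-supplied command (sshd hands one to the login shell as `-c <command>`), and uses exec so that no shell remains to fall back to. The job path /usr/local/bin/the-job is a placeholder; yourscript is the script name used in the thread.

```shell
#!/bin/sh
# Added example: restricted login shell, installed as /bin/yourscript.
# JOB is a placeholder for the single program this account may run.
JOB=${JOB:-/usr/local/bin/the-job}

harden_env() {
    # Ignore the signals a user can raise from the keyboard (Ctrl-C, Ctrl-\,
    # Ctrl-Z). Ignored signals stay ignored in the program started by exec.
    trap '' INT QUIT TSTP
    # Fixed search path, and none of the variables that make a shell read
    # user-controlled startup files or change word splitting.
    PATH=/usr/bin:/bin
    export PATH
    unset ENV BASH_ENV CDPATH IFS
}

# When the client sends a command, sshd starts the login shell as
# "<shell> -c <command>". This wrapper accepts no arguments at all.
client_args_ok() {
    [ "$#" -eq 0 ]
}

run_session() {
    harden_env
    if ! client_args_ok "$@"; then
        echo "remote commands are disabled for this account" >&2
        return 1
    fi
    # exec replaces this shell with the job. When the job exits, the session
    # ends; there is no parent shell left to drop into.
    exec "$JOB"
}

# Run only when invoked under the login-shell name from /etc/passwd.
case "${0##*/}" in
    yourscript) run_session "$@" ;;
esac
```

The job itself must not offer a shell escape (an editor or pager that can spawn commands), which is the vi case mentioned above.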
participants (4)
- Dan Andruszkiw
- Dirk Schreiner
- Miguel ALBUQUERQUE
- Polarizer