[kwlug-disc] How to ... having ssh key connected ... ask for password, logout if fail?
Chris Irwin
chris at chrisirwin.ca
Thu Oct 6 11:11:53 EDT 2016
On Thu, Oct 06, 2016 at 09:00:18AM -0400, B. S. wrote:
>On 10/05/2016 05:06 PM, Bob Jonkman wrote:
>>
>>Perhaps you can ssh-with-certs into an unprivileged account, then from
>>there 'su username' into the real account to get things done. That'll
>>ask for a password...
>
>This appears to be the answer. Near the top of ~/.bashrc, not
>~/.ssh/rc, add:
Note: This will not work unless .bashrc is sourced. The user could
simply run some other alternative command.
You could use ForceCommand in sshd_config, but you're going to break
everything except interactive sessions with your default shell (which
you're actually also breaking, you just won't notice).
This is the wrong approach to authentication.
That said, ForceCommand is still a very useful option, but for entirely
different purposes.
--
Chris Irwin
email: chris at chrisirwin.ca
xmpp: chris at chrisirwin.ca
web: https://chrisirwin.ca
More information about the kwlug-disc
mailing list