1

I'd like to prompt a user for some piece of information before they get to their BASH shell when they're logging in via SSH. Ideally, I'd like to execute a script which prompts them for information, check that the information is correct, and then if it is drop them to a shell. So, think:

ssh user@some-host.com
password: xxxx

do you agree to the terms and conditions of use? enter yes or no:
yes 

OK, here's your shell:
#

Can anyone provide an example of how to do something like this?

Keith Palmer Jr.
  • 1,151
  • 4
  • 16
  • 28
  • 1
    This should be done in PAM, not via sshd. – Ignacio Vazquez-Abrams Feb 24 '11 at 17:42
  • 1
    OK, feel free to provide an example via PAM then too. Any particular reason why it should be done via PAM, and not SSHD? – Keith Palmer Jr. Feb 24 '11 at 17:44
  • For just a non-interactive banner, use can use the PAM config mentioned [here](http://serverfault.com/questions/149627/how-to-display-ssh-banner-at-login-but-only-for-password-authentication) – JCallicoat Aug 23 '11 at 15:21
  • What about this? http://forum.yubico.com/forum/viewtopic.php?t=860 It can also be done entirely in Perl. And, in case you want, there are PAM modules in perl, allowing it to be done in PAM. –  Sep 07 '12 at 00:39

3 Answers3

1

Create new login script(/bin/bash_rest):

#!/bin/bash

echo "do you agree to the terms and conditions of use? enter yes or no:"
read ans

case $ans in
        y|yes|Y|Yes) bash;;
        *) exit
esac

and set as login shell:

chmod +x /bin/bash_rest
usermod -s /bin/bash_rest ooshro

ooshro@ooshro:~$ ssh -p 2022 localhost
Linux ubuntu-1010-server-01 2.6.35-25-generic-pae #44-Ubuntu SMP Fri Jan 21 19:01:46 UTC 2011 i686 GNU/Linux
Ubuntu 10.10

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/
Last login: Thu Feb 24 17:43:06 2011 from 10.0.2.2
do you agree to the terms and conditions of use? enter yes or no:
yes
ooshro@ubuntu-1010-server-01:~$ exit
Connection to localhost closed.
ooshro@ooshro:~$ ssh -p 2022 localhost
Linux ubuntu-1010-server-01 2.6.35-25-generic-pae #44-Ubuntu SMP Fri Jan 21 19:01:46 UTC 2011 i686 GNU/Linux
Ubuntu 10.10

Welcome to Ubuntu!
 * Documentation:  https://help.ubuntu.com/
Last login: Thu Feb 24 17:43:17 2011 from 10.0.2.2
do you agree to the terms and conditions of use? enter yes or no:
no
Connection to localhost closed.
ooshro
  • 10,874
  • 1
  • 31
  • 31
1

Assuming for a moment that you're using opensshd, one possible alternative that does almost what you want, and is a lot simpler to implement, would be to use a login banner. This will not do exactly what you want it to do - it will display a text before the user logs in.

You can alter your policy accordingly - "by logging in you are accepting these terms and conditions".

You can do this using the "Banner" option in /etc/sshd/sshd_config. For example:

# echo "Banner /etc/sshd/sshd-banner" >> /etc/sshd/sshd_config
# echo "By logging on you're accepting the terms and conditions." > /etc/sshd/ssh-banner
Per von Zweigbergk
  • 2,615
  • 2
  • 17
  • 27
0

I would add some rudimentary logging to that bash script, and instead of making that script the default shell, I would consider /etc/ssh/sshrc or /etc/profile.local or /etc/profile. Testing is necessary, because behavior on different systems may vary. There are some reasons not to create non-standard shells, one of which is the need to add new shell to /etc/shells. Unless absolutely necessary, remain with shells defined in /etc/shells.

slashdot
  • 651
  • 5
  • 7