1

On a daily basis, I interact with tens of production servers which do not, and should not, have a home directory for my personal user.

Every SSH session is met with the same error message:

Could not chdir to home directory /home/Me: No such file or directory
Killed by signal 1.

Is there a way to prevent SSH from trying to cd me into /home/Me, or is there any other way to suppress this message?

Alexander
  • "which do not, and should not have a home directory for my personal user." that is a very strange setup indeed. How is the `sshd` daemon expected to know in which directory you should land upon connecting? Have a look at `ChrootDirectory` but it needs various setup. Or something like this, to adapt: `ForceCommand bash -c "cd /tmp; bash --login"` (ugly, and not sure that works), otherwise you need to look at PAM and especially `pam_mkhomedir` that you will need to plug in from the sshd PAM config. – Patrick Mevzek Jun 29 '18 at 21:59
  • @PatrickMevzek These are production virtual machines, there are thousands of them, across tens of different fleets. Even if I automated the creation of a home directory for me on each of them, it would only be temporary, because VMs are shutdown and created as necessary to fit demand. – Alexander Jun 29 '18 at 22:36
  • @PatrickMevzek Ideally, I was hoping there might be some flag to tell SSH to spit me out at `/` – Alexander Jun 29 '18 at 22:36
  • This is the purpose of `pam_mkhomedir`: it creates the home directory automatically upon login, if missing. And you can centralize authentication through some LDAP server so no need to have you as user in `/etc/passwd`. Or it can be in the VM template. Otherwise you could always recompile your own ssh that does 'chdir /' but I am not sure it is a good idea, just try ForceCommand or even better proper user management with PAM, this will be simpler... – Patrick Mevzek Jun 29 '18 at 22:48
  • @PatrickMevzek I'll talk with the devops team, see what they think. I suspect they wouldn't be too fond of the idea of every ssh'ed user opening new dirs on prod servers – Alexander Jun 29 '18 at 22:55
  • I really do not know how exactly it could be a problem... you can always have user quotas and even have `/home` mounted separately if you are afraid of too much space used. And since they are created automatically on demand there is nothing to worry about. But then your constraints may get in the way, but difficult to assess externally. – Patrick Mevzek Jun 30 '18 at 22:49
  • @PatrickMevzek Yeah, it could be done, but there's inertia to such a change. We're talking about a big-4 tech company here D: – Alexander Jul 01 '18 at 02:33

2 Answers

0

Edit /etc/passwd and replace the relevant home directory with /.

porton
  • I can't do this on the production servers. Even if I did, it would be one off, and every one of the hundreds of other servers wouldn't have it. – Alexander Jun 29 '18 at 20:11
  • pssh -l youruser -h listofserver.txt 'sudo usermod -d / youruser' – Some Linux Nerd Jun 29 '18 at 20:14
  • @SomeLinuxNerd This doesn't work for my application :( I can't make a predefined list of servers, because the servers I need to SSH into are rather ad-hoc, and most of them are VMs with limited lifespan (e.g. peak scaling for a certain time of year). And when I said I was dealing with hundreds of servers, I really did mean *hundreds*. – Alexander May 13 '19 at 18:10
0

You can provide an aaa value for the homedir and point it to /tmp or something from your radius or ldap account.

Jonas Bjork
  • Could you elaborate on this? What's an "aaa value"? – Alexander Jun 29 '18 at 20:10
  • Well, you lack a homedir on multiple servers, so I assume that you authenticate using an aaa (authentication, authorization, accounting) server like radius, tacacs+ or ldap/ad? You can most likely use the same mechanism for the attribute 'homedir' – Jonas Bjork Jun 29 '18 at 20:18
  • I don't actually know what authentication mechanism is being used. Is there a simple way to check? – Alexander Jun 29 '18 at 20:23
  • Well, if you have access you could browse through the /etc/pam.d config files or perhaps ask your server env design guys – Jonas Bjork Jun 29 '18 at 20:32
  • And /etc/ssh/sshd_config should give you a clue as well – Jonas Bjork Jun 29 '18 at 20:33
  • Ah, I think it's using active directory – Alexander Jun 29 '18 at 22:35
  • I'm not sure how to do it with Active Directory. Perhaps you can specify an additional free-text field (eg. something like '_Unix-User-Home_') bound to the user record? – Jonas Bjork Jun 30 '18 at 13:14
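
As an added example (not from any of the posts above), this sketch reports which home directory a login resolves to and whether a directory service is among the configured account sources, which is the question both answers turn on. The function names and the sample data are constructed; on a real host the inputs would be the output of `getent passwd "$USER"` and `/etc/nsswitch.conf`.

```shell
#!/bin/sh
# Added example: what will sshd try to chdir into, and where is that value defined?

# home_of ENTRY: print field 6 (home directory) of a passwd(5)-format line.
home_of() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 { print $6 }'
}

# passwd_sources FILE: print the lookup sources on the "passwd:" line of an
# nsswitch.conf-format file, skipping [action] items and trailing comments.
passwd_sources() {
    awk '$1 == "passwd:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^\[/) continue
            printf "%s%s", sep, $i; sep = " "
        }
        print ""; exit
    }' "$1"
}

# diagnose ENTRY NSSWITCH: one-line summary for a single account.
diagnose() {
    home=$(home_of "$1")
    sources=$(passwd_sources "$2")
    if [ -z "$home" ]; then
        echo "malformed passwd entry"; return 1
    fi
    if [ -d "$home" ]; then state="exists"; else state="missing"; fi
    # sss, ldap and winbind are common NSS source names for LDAP/AD-backed accounts.
    case " $sources " in
        *" sss "*|*" ldap "*|*" winbind "*) remote="yes" ;;
        *) remote="no" ;;
    esac
    echo "home=$home ($state) sources=[$sources] directory_service=$remote"
}

# Constructed sample input, not taken from a real host.
sample_entry='Me:*:10001:10001:Me:/home/Me:/bin/bash'
sample_nss=$(mktemp)
printf 'passwd: files sss\ngroup: files sss\n' > "$sample_nss"
diagnose "$sample_entry" "$sample_nss"
rm -f "$sample_nss"
```

With `directory_service=yes`, the home directory is most likely an attribute of the central account rather than a local `/etc/passwd` field, so a per-server `usermod` would not be the place to change it.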