This is a discussion on Re: Configuring SSH to use our own CLI application in an embedded Linux system - openssh ; Do a 'man sshd' and read the section on AUTHORIZED_KEYS FILE FORMAT. Specifically look at the 'command="command"' option and the environment settings. Also, make sure that PermitUserEnvironment is enabled. Using keyfiles, you may enforce such a behavior. I dunno if ...
Do a 'man sshd' and read the section on AUTHORIZED_KEYS FILE FORMAT.
Specifically look at the 'command="command"' option and the environment
settings. Also, make sure that PermitUserEnvironment is enabled.
Using keyfiles, you may enforce such a behavior. I dunno if you can do
it with just password-auth though. I use this for doing RSYNC-over-SSH
jobs, for instance.
On Sun, Mar 26, 2006 at 03:45:38PM +0200, Oren Shemesh (oshemesh) wrote:
> I have a question about configuring SSH to connect to a specific CLI
> application. This is for an Embedded Linux project.
> A telnet server can be configured to run a given application (By default
> it is 'login', but you can set it to whatever you want).
> I could not find any way to configure OpenSSH in such a manner. All I
> could find is a configuration flag 'UseLogin' which tells it to run
> login, but it is not sufficient to what I want.
> I want SSH to:
> 1. Always run my CLI application, and ignore any 'command' that the
> client wanted to run.
> 2. Not check the user home directory for anything. My CLI application
> will do the authentication using a simple user-name + password scheme
> against a local user DB (The users in that DB are NOT Linux accounts).
> 3. Since the SSH client asks the user for a user-name before even
> connecting to the SSH server, and it passes this user-name to the SSH
> server, I want the SSH server to pass this user-name to my CLI
> application so that the user will not have to type the user-name again
> for my CLI application.
> Basically, I want SSH to encrypt the traffic for protection against
> eavesdropping, but I do not want it's client-authentication features
> (Since the logged-in users do not exist as Linux accounts anyway).
> I would imagine that many embedded Linux systems with SSH support would
> want to use SSH this way, yet I could not find any method of configuring
> OpenSSH to function in such a way. Maybe I need to tweak the OpenSSH
> sources ? Use a different SSH solution (i.e. not OpenSSH) ? What do
> other Embedded-linux systems do ?
> Thanks a lot, Oren.