Hi all,

I am having an unusual problem whereby if I specify the shell during
an ssh login, I do not appear in the w, who or last output. I also do
not get a shell prompt, rather just a cursor. I can use the login as
per a normal ssh login and my shell does appear in the ps output, but
again just not in the w, who or last output.

Perhaps I am being a bit naive, but I would have thought that these
commands would give me an accurate view of the system.

I've tried this on Solaris 9 and Solaris 10, as well as the current
stable Ubuntu Server and the current stable Debian. Unfortunately I do
not have the OpenSSH versions handy so that may hinder an answer. I
can follow this up however.

You can try by doing the following:

ssh -l /bin/bash

or whatever your shell is.


Any suggestions would be appreciated. Ultimately I want to be able to
see these logins in the w, who and last output. As an example, I have
one user who has been logging in this way for months and there's no
record of it in the last results.

On Tue, Aug 12, 2008 at 03:37:38AM -0700, gbudge@gmail.com wrote:
> Hi all,
>
> I am having an unusual problem whereby if I specify the shell during
> an ssh login, I do not appear in the w, who or last output. I also do
> not get a shell prompt, rather just a cursor. I can use the login as
> per a normal ssh login and my shell does appear in the ps output, but
> again just not in the w, who or last output.
>
> Perhaps I am being a bit naive, but I would have thought that these
> commands would give me an accurate view of the system.
>
> I've tried this on Solaris 9 and Solaris 10, as well as the current
> stable Ubuntu Server and the current stable Debian. Unfortunately I do
> not have the OpenSSH versions handy so that may hinder an answer. I
> can follow this up however.
>
> You can try by doing the following:
>
> ssh -l /bin/bash
>
> or whatever your shell is.
>
>
> Any suggestions would be appreciated. Ultimately I want to be able to
> see these logins in the w, who and last output. As an example, I have
> one user who has been logging in this way for months and there's no
> record of it in the last results.


That not depend on ssh but more on the system and on the shell.. if you
want to call the shell that way on the ssh command line and you can
force an interactive shell by using the "-i" option of bash. e.g.
ssh user@host "/bin/bash -i"

But it's not the usual way. Normally, you can change the default shell
on your account and that way, you just have to do: ssh user@host. To
change your default shell for you account, it depend on the OS. I don't
know for Solaris but on most Linux and BSD's you can use: "chsh" command
on the server..

--
Martin

gbudge@gmail.com writes:

>I am having an unusual problem whereby if I specify the shell during
>an ssh login, I do not appear in the w, who or last output. I also do
>not get a shell prompt, rather just a cursor. I can use the login as
>per a normal ssh login and my shell does appear in the ps output, but
>again just not in the w, who or last output.

I think you need to add "-t" on the ssh line, to force a tty to be
allocated for the login. The default is to allocate a tty for normal
login, but not if a command is specified on the ssh command line.

On 2008-08-12, gbudge@gmail.com wrote:

> Any suggestions would be appreciated. Ultimately I want to be able to
> see these logins in the w, who and last output. As an example, I have
> one user who has been logging in this way for months and there's no
> record of it in the last results.

ftp://ftp.porcupine.org/pub/security...cracking.101.Z

--
Elvis Notargiacomo master AT barefaced DOT cheek
http://www.notatla.org.uk/goen/

Thanks for the replies. What I am trying to achieve is to prevent
people from logging in this way, rather than giving them the option.

Is it possible to prevent specifying the shell at login?

gbudge@gmail.com writes:

>Thanks for the replies. What I am trying to achieve is to prevent
>people from logging in this way, rather than giving them the option.

Give the user a restricted shell as login shell, or write your
own shell program that checks for this then does an exec to the
real shell.

Note that if a user does

ssh hostname /bin/bash

then sshd actually does

$LOGINSHELL -c /bin/bash

so a suitably restricted login shell (as defined in /etc/passwd)
should be able to check/prevent this.

On Aug 13, 12:18*pm, Neil W Rickert wrote:
> gbu...@gmail.com writes:
> >Thanks for the replies. What I am trying to achieve is to prevent
> >people from logging in this way, rather than giving them the option.
>
> Give the user a restricted shell as login shell, or write your
> own shell program that checks for this then does an exec to the
> real shell.
>
> Note that if a user does
>
> * * * * ssh hostname /bin/bash
>
> then sshd actually does
>
> * * * * $LOGINSHELL -c /bin/bash
>
> so a suitably restricted login shell (as defined in /etc/passwd)
> should be able to check/prevent this.

Thanks Neil. Let me look into this. Hopefully this is the solution.