Enforcing ssh login shell for ssh gateway users selectively in sshd_config file

Enforce login shell for ssh users in sshd configuration file.
 
By default the Ezeelogin gateway users are assigned the shell /usr/local/bin/ezsh however you may want the gateway users to have OS level access ( /bin/bash shell ) when they login via ssh 
 

[root@jumpbox ~]# finger ezadmin

Login: ezadmin        Name:

Directory: /home/ezadmin            Shell: /usr/local/bin/ezsh 

You can force every user into the /usr/local/bin/ezsh shell and exclude selected users  by having the following parameters included in the /etc/ssh/sshd_config file of the gateway box. Append the following lines to the config file

[root@gw01 ~]# /etc/ssh/sshd_config

Match User !root,!ted,!ben,?*
   ForceCommand /usr/local/bin/ezsh

[root@gw01 ~]# service sshd restart 

In the above example, it would enforce all the users to default to the shell /usr/local/bin/ezsh on ssh login except  for the users root,ted,ben
 
This would be the recommended way as it improves security by denying a  /bin/bash shell for the ssh gateway users who do not need OS level access on the gateway server  and forcing them into the ezsh shell.
 
The users root,ted, ben has been excluded hence would get OS level access ( /bin/bash shell on ssh login)  and need to simply run the command ezsh to get the ezsh shell interface.

To force the ezadmin user to the /bin/bash shell, run the following on the gateway box and exclude the user ezadmin in /etc/ssh/sshd_config file only if ForceCommand parameters are in use.

[root@gw01 ~]# chsh -s /bin/bash ezadmin.

 
5 (1)
Article Rating (1 Votes)
Rate this article
    Attached Files
    There are no attachments for this article.