Enforcing ssh login shell for ssh gateway users selectively in sshd_config file
Enforce login shell for ssh users in sshd configuration file.
By default, Ezeelogin gateway users are assigned the shell /usr/local/bin/ezsh. However, you may want the gateway users to have OS-level access (a /bin/bash shell) when they log in via ssh.
[[email protected] ~]# finger ezadmin
Login: ezadmin Name:
Directory: /home/ezadmin Shell: /usr/local/bin/ezsh
You can force every user into the /usr/local/bin/ezsh shell, and exclude selected users, by adding the following parameters to the /etc/ssh/sshd_config file on the gateway box. Append the following lines to the config file:
[[email protected] ~]# vi /etc/ssh/sshd_config
Match User !root,!ted,!ben,?*
ForceCommand /usr/local/bin/ezsh
[[email protected] ~]# service sshd restart
In the above example, all users are forced into the shell /usr/local/bin/ezsh on ssh login, except for the users root, ted and ben.
This is the recommended approach, as it improves security by denying a /bin/bash shell to ssh gateway users who do not need OS-level access on the gateway server and forcing them into the ezsh shell.
The users root, ted and ben have been excluded, so they get OS-level access (a /bin/bash shell on ssh login) and simply need to run the command ezsh to get the ezsh shell interface.
To force the ezadmin user to the /bin/bash shell, run the following on the gateway box. Exclude the user ezadmin in the /etc/ssh/sshd_config file only if ForceCommand parameters are in use.
[[email protected] ~]# chsh -s /bin/bash ezadmin
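The Match User line above depends on how sshd evaluates a pattern list: a negated entry that matches always excludes the user, and a list made only of negated entries never matches anyone, which is why the trailing ?* is required. The following is an added example, not Ezeelogin's or OpenSSH's own code; the function names and the sample users alice and ezadmin in the loop are constructed for illustration, and it can be used to check an exclusion list before editing sshd_config.

```shell
#!/bin/sh
# Added example: emulate how sshd evaluates a "Match User" pattern list.
# Patterns use * and ?; a leading ! negates the pattern. A negated hit
# always wins, and at least one positive pattern must also match.
# Limitation: shell "case" also treats [ ] and \ as special; sshd does not.
match_user_list() {
    list=$1; user=$2
    positive=1          # 0 once a positive pattern has matched
    negated=1           # 0 once a negated pattern has matched
    old_ifs=$IFS
    set -f              # keep the shell from expanding ?* into file names
    IFS=,
    for pat in $list; do
        case $pat in
            '!'*) case $user in ${pat#?}) negated=0 ;; esac ;;
            *)    case $user in $pat) positive=0 ;; esac ;;
        esac
    done
    set +f
    IFS=$old_ifs
    [ "$negated" -ne 0 ] && [ "$positive" -eq 0 ]
}

# What a user gets on ssh login under a given Match User list.
effective_command() {
    if match_user_list "$1" "$2"; then
        echo "/usr/local/bin/ezsh (ForceCommand)"
    else
        echo "login shell from /etc/passwd"
    fi
}

PAGE_LIST='!root,!ted,!ben,?*'      # the list from the page
NEG_ONLY='!root,!ted,!ben'          # mistake: no positive pattern at all

# Constructed sample users, evaluated against both lists.
for u in root ted ben ezadmin alice; do
    printf '%-8s page list: %-36s negations only: %s\n' "$u" \
        "$(effective_command "$PAGE_LIST" "$u")" \
        "$(effective_command "$NEG_ONLY" "$u")"
done
```

On the gateway itself, sshd -T -C user=ted,host=localhost,addr=127.0.0.1 prints the effective settings for that user, including forcecommand. Running sshd -t before the restart catches syntax errors in the edited file.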