Enforcing ssh login shell for ssh gateway users selectively in sshd_config file

Enforce login shell for ssh users in sshd configuration file.
By default the Ezeelogin gateway users are assigned the shell /usr/local/bin/ezsh however you may want the gateway users to have OS level access ( /bin/bash shell ) when they login via ssh 

[root@jumpbox ~]# finger ezadmin

Login: ezadmin        Name:

Directory: /home/ezadmin            Shell: /usr/local/bin/ezsh 

You can force every user into the /usr/local/bin/ezsh shell and exclude selected users  by having the following parameters included in the /etc/ssh/sshd_config file of the gateway box. Append the following lines to the config file

[root@gw01 ~]# /etc/ssh/sshd_config

Match User !root,!ted,!ben,?*
   ForceCommand /usr/local/bin/ezsh

[root@gw01 ~]# service sshd restart 

In the above example, it would enforce all the users to default to the shell /usr/local/bin/ezsh on ssh login except  for the users root,ted,ben
This would be the recommended way as it improves security by denying a  /bin/bash shell for the ssh gateway users who do not need OS level access on the gateway server  and forcing them into the ezsh shell.
The users root,ted, ben has been excluded hence would get OS level access ( /bin/bash shell on ssh login)  and need to simply run the command ezsh to get the ezsh shell interface.

To force the ezadmin user to the /bin/bash shell, run the following on the gateway box and exclude the user ezadmin in /etc/ssh/sshd_config file only if ForceCommand parameters are in use.

[root@gw01 ~]# chsh -s /bin/bash ezadmin.

0 (0)
Article Rating (No Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    Integrate SAML Authentication in Ezeelogin GUI using Microsoft Azure SSO and Azure Active Directory
    Viewed 129 times since Thu, Jul 9, 2020
    Enable Google reCaptcha
    Viewed 804 times since Fri, Feb 1, 2019
    Add servers behind a Tunnel Host in SSH Gateway or Add servers that are accessible via port forwarding via the ssh gateway server.
    Viewed 20255 times since Wed, Jan 17, 2018
    Prevent passwords from being recorded when ssh session recording is enabled
    Viewed 2249 times since Fri, Mar 2, 2018
    Add custom fields on server add form
    Viewed 948 times since Wed, Mar 27, 2019
    How to export servers ?
    Viewed 3658 times since Sat, Sep 2, 2017
    encryption used in ezeelogin use to secure information stored
    Viewed 2344 times since Thu, Jun 15, 2017
    How to import servers from a file into Ezeelogin ssh gateway?
    Viewed 2992 times since Fri, Sep 1, 2017
    record ssh sessions
    Viewed 5336 times since Fri, May 4, 2018
    encryption type used for securing users ssh logs in ezeelogin
    Viewed 1828 times since Thu, Jun 15, 2017