6

First time here and posting just because I can't seem to find the answer to this, or whether is this even possible.

The problem I'm having is that I want to create a script that will be run immediately after a user logs on to my server using Putty, for example.

I don't want the user to be able to perform any of the normal commands you could run, instead I want to create a script that will respond to certain set of pre-defined commands, for example,

> Hello

Hello, username goes here

Is this possible to do it? Using SSH is not a prerequisite, any other console connection, telnet, for example, will do as well, I just want a user to be able to connect to my server and get response from some basic commands.

Thank you for your time, I hope I've explained myself clearly enough.

Community
  • 1
Badger
  • 63
  • 1
  • 4

3 Answers3

4

I think the thing you're looking for is called Forced Commands:

http://oreilly.com/catalog/sshtdg/chapter/ch08.html#22858

Forced commands can be quite useful. Suppose you want to give your assistant access to your account but only to read your email. You could associate a forced command with your assistant's SSH key to run only your email program and nothing else.

In SSH1 and OpenSSH, a forced command may be specified in authorized_keys with the "command" option preceding the desired key. For example, to run the email program pine whenever your assistant connects:

# SSH1, OpenSSH
command="/usr/local/bin/pine" ...secretary's public key...

In SSH2, a forced command appears on the line immediately following the desired Key, using the Command keyword. The previous example would be represented:

# SSH2 only
Key secretary.pub
Command "/usr/local/bin/pine"

This will only allow them to run one command I believe. If you need to allow them more you can use Authprogs. It's a Perl script that has a .conf file where you can specify commands that a person is allowed to run.

slm
  • 7,615
  • 16
  • 56
  • 76
4

You can accomplish this kind of behaviour by changing the shell of the account in question to the script you want to be run. In that case, the user does not get its normal prompt, where to enter normal commands like ls, cd etc. at all. Instead your script is run at login and you may there have the functionality you need.

To change the shell, you can use chsh-command or change it directly into /etc/passwd. The new shell (your script) must also be listed in /etc/shells for this to work.

grassroot
  • 683
  • 5
  • 14
  • This is exactly what I was looking for, thank you very much! Also thanks to all the others who devoted their time to answer! – Badger Jan 20 '13 at 21:29
  • I'm glad, I could help :-) – grassroot Jan 20 '13 at 23:24
  • Forced commands, as outlined in the other two answers, are far superior to changing the shell to a non-standard script/program, and are exactly targeted at situations such as this.o – tink Jan 29 '13 at 03:19
3
Match user username
    ForceCommand command_which_you_want_to_run

This you can put in sshd_config file of your ssh server. So when a user named username connect to your server via ssh, command_which_you_want_to_run will get execute.

You can fine tune more your ssh server. Following link will may help you in doing this.

https://wiki.archlinux.org/index.php/SFTP-chroot

Suku
  • 2,036
  • 13
  • 15