[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Close all ssh sessions



Hi Miquel,

i don`t know if you want to do this
for security, or just for easing youre work.

But as this is a Security list, i have a little
hint for you. ;-)

If the Program, used as login Shell, is a Shellscript,
then there is nearly always the possibility to
break the script and fallback to the executing
shell.

Think of an exception or simply an executed vi.
Remark: You can often get around exceptions using the trap command.

But it`s often better using a binary, doing exactly
the job you want to be done.

Just my 2 ct/eur. ;-)

		Dirk


Miguel ALBUQUERQUE wrote:
> Option 1 works wonderfully ! 
> 
> Thank you all ;-)
> 
> Miguel Albuquerque
> Network Administrator
> 
> CODaLIS SA
> 
> Chemin de Trèfle-Blanc 18
> 1228 Plan-Les-Ouates / CH 
> 
> TEL : +41 22 827 30 80 
> FAX : +41 22 827 30 33
> http://www.codalis.ch
> 
> 
> DISCLAIMER
> - This message is intended for the use of the named person only. The 
> information contained in this E-mail is confidential and any disclosure, 
> copying, distribution or taking any action in reliance on the contents of 
> this information is strictly prohibited. This message does not represent a 
> formal commitment by Codalis SA. Codalis SA is neither liable for the 
> proper and complete transmission of the information contained in this 
> communication nor for any delay in its receipt.
> 
> 
> 
> Polarizer <Polarizer@xxxxxxxxxx> 
> 24.11.2005 17:13
> 
> To
> suse-security@xxxxxxxx
> cc
> 
> Subject
> Re: [suse-security] Close all ssh sessions
> 
> 
> 
> 
> 
> 
> Miguel ALBUQUERQUE schrieb:
>> Hi,
>>
>> How can one force closing an open ssh session ? I want to disconnect a 
>> user right after executing a script no waiting for a timeout. Is that 
>> possible ?
> 
> I've 3 ideas
> 
> 1st)
> 
> What about to replace the login shell in /etc/passwd with the script
> the user can invoke. If script is done user gets logged out :O)_
> 
> youruser:x:1000:1000::/var/tmp/:/bin/yourscript
> 
> 2nd)
> 
> One can invoke a script via
> 
> ssh a.ip.addr.ess "command"
> 
> so if you can disable interactive sessions in sshd it will fulfill your
> requirements (Dunno how to accomplish that ad hoc)
> 
> 
> 3rd)
> 
> man bash
> 
> PPID   The process ID of the shell's parent.  This variable is readonly.
> 
> If one invokes a script this variable should contain the PID of the 
> underlying bash. Just kill -9 $PPID in the of the script.
> 
> Hope that helps
> 
> the polarizer
> http://www.codixx.de/polarizer.html
> 

-- 
xcldsc   
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
TRIA IT-consulting GmbH 
Joseph-Wild-Straße 20 
81829 München 
Germany 
Tel: +49 (89) 92907-0 
Fax: +49 (89) 92907-100  
http://www.tria.de 
 
 
Registergericht München HRB 113466 
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 
Geschäftsführer: Richard Hofbauer 
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx 
Nachricht an: miguel.albuquerque@xxxxxxxxxx, Polarizer@xxxxxxxxxx, suse-security@xxxxxxxx 
# Dateianhänge: 0 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here