[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Close all ssh sessions
Hi Miquel,
i don`t know if you want to do this
for security, or just for easing youre work.
But as this is a Security list, i have a little
hint for you. ;-)
If the Program, used as login Shell, is a Shellscript,
then there is nearly always the possibility to
break the script and fallback to the executing
shell.
Think of an exception or simply an executed vi.
Remark: You can often get around exceptions using the trap command.
But it`s often better using a binary, doing exactly
the job you want to be done.
Just my 2 ct/eur. ;-)
Dirk
Miguel ALBUQUERQUE wrote:
> Option 1 works wonderfully !
>
> Thank you all ;-)
>
> Miguel Albuquerque
> Network Administrator
>
> CODaLIS SA
>
> Chemin de Trèfle-Blanc 18
> 1228 Plan-Les-Ouates / CH
>
> TEL : +41 22 827 30 80
> FAX : +41 22 827 30 33
> http://www.codalis.ch
>
>
> DISCLAIMER
> - This message is intended for the use of the named person only. The
> information contained in this E-mail is confidential and any disclosure,
> copying, distribution or taking any action in reliance on the contents of
> this information is strictly prohibited. This message does not represent a
> formal commitment by Codalis SA. Codalis SA is neither liable for the
> proper and complete transmission of the information contained in this
> communication nor for any delay in its receipt.
>
>
>
> Polarizer <Polarizer@xxxxxxxxxx>
> 24.11.2005 17:13
>
> To
> suse-security@xxxxxxxx
> cc
>
> Subject
> Re: [suse-security] Close all ssh sessions
>
>
>
>
>
>
> Miguel ALBUQUERQUE schrieb:
>> Hi,
>>
>> How can one force closing an open ssh session ? I want to disconnect a
>> user right after executing a script no waiting for a timeout. Is that
>> possible ?
>
> I've 3 ideas
>
> 1st)
>
> What about to replace the login shell in /etc/passwd with the script
> the user can invoke. If script is done user gets logged out :O)_
>
> youruser:x:1000:1000::/var/tmp/:/bin/yourscript
>
> 2nd)
>
> One can invoke a script via
>
> ssh a.ip.addr.ess "command"
>
> so if you can disable interactive sessions in sshd it will fulfill your
> requirements (Dunno how to accomplish that ad hoc)
>
>
> 3rd)
>
> man bash
>
> PPID The process ID of the shell's parent. This variable is readonly.
>
> If one invokes a script this variable should contain the PID of the
> underlying bash. Just kill -9 $PPID in the of the script.
>
> Hope that helps
>
> the polarizer
> http://www.codixx.de/polarizer.html
>
--
xcldsc
TRIA IT-consulting GmbH
Joseph-Wild-Straße 20
81829 München
Germany
Tel: +49 (89) 92907-0
Fax: +49 (89) 92907-100
http://www.tria.de
Registergericht München HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschäftsführer: Richard Hofbauer
kaufm. Geschäftsleitung: Rosa Igl--------------------------------------------------------
Nachricht von: Dirk.Schreiner@xxxxxxx
Nachricht an: miguel.albuquerque@xxxxxxxxxx, Polarizer@xxxxxxxxxx, suse-security@xxxxxxxx
# Dateianhänge: 0
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here