From owner-freebsd-questions Wed Jul 17 15:21:29 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9451437B401 for ; Wed, 17 Jul 2002 15:21:23 -0700 (PDT) Received: from catflap.home.slightlystrange.org (host217-39-153-84.in-addr.btopenworld.com [217.39.153.84]) by mx1.FreeBSD.org (Postfix) with ESMTP id B14FD43E3B for ; Wed, 17 Jul 2002 15:21:22 -0700 (PDT) (envelope-from dan@slightlystrange.org) Received: from danielby by catflap.home.slightlystrange.org with local (Exim 3.36 #1) id 17UxAa-00012Q-00 for freebsd-questions@freebsd.org; Wed, 17 Jul 2002 23:21:16 +0100 Date: Wed, 17 Jul 2002 23:21:16 +0100 From: Daniel Bye To: freebsd-questions@freebsd.org Subject: Re: Telnetd Message-ID: <20020717222115.GF634@catflap.home.slightlystrange.org> Reply-To: dan@slightlystrange.org Mail-Followup-To: freebsd-questions@freebsd.org References: <20020717220116.10321.qmail@linuxmail.org> <20020717220952.GE21153@freepuppy.bellavista.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020717220952.GE21153@freepuppy.bellavista.cz> User-Agent: Mutt/1.4i X-Scanner: exiscan *17UxAa-00012Q-00*VjlxBTVpUmc* (SlightlyStrange.org) Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Jul 18, 2002 at 12:09:52AM +0200, Roman Neuhauser wrote: > > I have a system running telnetd and sshd > > Some users may NOT use telnet to login, they have to login via sshd > > (using passwords). > > > > How do I do that? > > i'm not aware of any method. so, before someone comes with a > solution (if there's one), why can't all users use ssh? Perhaps you can take advantage of the $SSH_TTY variable that gets set for all ssh logins? A shell rc file can test for the presence (or absence, as you prefer) of this variable in the user's evironment and take the appropriate action (continue, or kill the shell and log the user off again.) At least one problem comes to mind, though, in that you would have to be quite draconian about ownership and permissions on the rc files, or users can simply edit or remove them. Maybe provide a standard one that performs the test, then if the session is permitted, make its last action to source another rc file that the user can edit (called, say, .login.local). You can then use "chflags schg" on the one YOU want control over. Haven't tried it, though, and it would involve writing variants of the file for Bourne-style shells and C-style shells. Then again, there may be more elegant ways of doing it... Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message