IDing originating user?
From: dkoleary@attbi.com Date: 11/13/02
From: dkoleary@attbi.com Date: Wed, 13 Nov 2002 17:16:34 GMT
Hey;
I recently implemented f-secure on about 50 HP servers and everything's
working great. There's one last little bit of functionality that I'd
like to implement from our old environment.
Here's what we used to have:
* Telnet access allowed for everyone except root - had to su or sudo into
root.
* Root's profile would set the command line history file based on the
originating user name - ~root/.sh_history.dkoleary, for instance.
With the new ssh environment, I'm allowing the admins to get directly
into root with public key authentication. The issue is that everyone
is now sharing the same history file.
I have figured out two potential workarounds:
* Creating a script and using a command keyword to call it
in the ~/.ssh2/authorization file. The script will ID the
user and set the history file appropriately.
* Obtaining the pid from the SSH2_AUTH_SOCK, id'ing public key
from the syslog used for that pid, then setting the history file
from that.
Both of these methods are about as ugly as sin. Is there a clean
way of identifying the originating public key and/or originating
user?
Any help would be greatly appreciated.
Doug O'Leary
--------
Senior UNIX Admin
Independent consultant
dkoleary@attbi.com
resume: http://home.attbi.com/~dkoleary/resume.html
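
The first workaround in the post (a per-key forced command that sets the history file) could look like the sketch below. This is an added example, not part of the original message or of any vendor's code. The script name `root-hist`, its install path, the authorization-file layout shown in the comment and the original-command variable names are assumptions to check against your server's documentation.

```shell
#!/bin/sh
# Forced-command wrapper (hypothetical name: root-hist). Each admin's key entry
# in root's authorization file runs it with that admin's label, for example:
#   Command "/usr/local/sbin/root-hist dkoleary"   (assumed layout)

# Print the per-admin history path, or fail if the label is not a plain name.
history_file_for() {
    label=$1
    home=$2
    case $label in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;   # rejects empty, '/', '..', spaces
    esac
    printf '%s/.sh_history.%s\n' "$home" "$label"
}

main() {
    histfile=$(history_file_for "${1:-}" "${HOME:-/}") || {
        echo "root-hist: invalid admin label" >&2
        exit 1
    }
    HISTFILE=$histfile
    export HISTFILE
    # Record who came in via syslog, independent of the editable history file.
    logger -p auth.notice "root login via key label '$1'" 2>/dev/null || :
    # The client's requested command, if any (variable names are assumptions).
    orig=${SSH2_ORIGINAL_COMMAND:-${SSH_ORIGINAL_COMMAND:-}}
    if [ -n "$orig" ]; then
        exec "${SHELL:-/bin/sh}" -c "$orig"
    fi
    exec "${SHELL:-/bin/sh}"
}

# Run only when called with an argument, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The label is fixed in the authorization file by whoever installs the key, so the connecting admin cannot choose it; the character check keeps a mistyped entry from pointing the history file outside root's home directory.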