Re: IDing originating user?
From:Date: 11/14/02
- In reply to: dkoleary@attbi.com: "IDing originating user?"
Date: Wed, 13 Nov 2002 23:52:57 GMT
<dkoleary@attbi.com> wrote in message
news:NNvA9.23088$W4.1832067@news.randori.com...
> Hey;
>
> I recently implemented f-secure on about 50 HP servers and everything's
> working great. There's one last little bit of functionality that I'd
> like to implement from our old environment.
>
> Here's what we used to have:
>
> * Telnet access allowed for everyone except root - had to su or sudo into
> root.
> * Root's profile would set the command line history file based on the
> originating user name - ~root/.sh_history.dkoleary, for instance.
>
> With the new ssh environment, I'm allowing the admins to get directly
> into root with public key authentication. The issue is that everyone
> is now sharing the same history file.
>
> I have figured out two potential workarounds:
>
> * Creating a script and using a command keyword to call it
> in the ~/.ssh2/authorization file. The script will ID the
> user and set the history file appropriately.
> * Obtaining the pid from the SSH2_AUTH_SOCK, id'ing public key
> from the syslog used for that pid, then setting the history file
> from that.
>
> Both of these methods are about as ugly as sin. Is there a clean
> way of identifying the originating public key and/or originating
> user?
Create multiple UID 0 users with distinct login directories.
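
The first workaround described in the question (a per-key forced command that sets root's history file), sketched as an added example that is not part of either post. It assumes each admin's key entry in root's authorization file runs this script with the admin's name as its only argument; the script name `root-login.sh`, that argument convention, and reading the client's requested command from `SSH2_ORIGINAL_COMMAND` (or `SSH_ORIGINAL_COMMAND`) are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper giving each admin key its own root
# history file (~root/.sh_history.<admin>). Hypothetical script: root-login.sh

# histfile_for NAME [HOME_DIR]: print the per-admin history path.
# Fails on empty names or names with characters that could alter the path.
histfile_for() {
    name=$1
    home=${2:-$HOME}
    case $name in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s/.sh_history.%s\n' "$home" "$name"
}

# set_history NAME: export HISTFILE for the shell that is started afterwards.
set_history() {
    HISTFILE=$(histfile_for "$1") || return 1
    export HISTFILE
}

# run_as_admin NAME: record who came in, then hand over to the requested
# command, or to an interactive shell when none was requested.
run_as_admin() {
    set_history "$1" || { echo "root-login: bad admin id" >&2; exit 1; }
    logger -p auth.info -t root-login "root session for admin key '$1'"
    # Assumed variable names for the command the client asked for.
    orig=${SSH2_ORIGINAL_COMMAND:-$SSH_ORIGINAL_COMMAND}
    if [ -n "$orig" ]; then
        exec /bin/sh -c "$orig"
    fi
    exec "${SHELL:-/bin/sh}"
}

# Only act when invoked under the wrapper's own name, so the functions can be
# sourced and checked without starting a shell.
if [ "${0##*/}" = "root-login.sh" ]; then
    run_as_admin "$1"
fi
```

The admin name comes from the key entry on the server, not from the client, so an admin cannot pick another person's history file by changing what the client sends.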