Create a simple perl script:
#!/usr/bin/perl
while(1) { sleep(3600); }
make it executable: chmod 755 /path/to/script.pl
and set it as the user's shell... thus the user will be connected, butwon't be
able to do anything...
Regards,Ventsi
On 3/18/06, Vincent Blondel <vincent@xtra-net.org> wrote:> Hello all,>> I am
trying to setup my bsd box so some users can transparently (with a> key and no
prompt for username/password) connect to it.>> I also want my users can connect
to this host without getting any shell> but I encounter some problems to
configure this.>> I created a user 'vincent' that I configure as locked and
without any> shell.>> root@wbedllfs [/usr/local/etc/ssh] # grep vincent
/etc/master.passwd>
vincent:*LOCKED**:1002:1002::0:0::/home/vincent:/nonexistent>> This is also my
current ssh daemon config :>> root@wbedllfs [/usr/local/etc/ssh] # cat
sshd_config> # $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp
$>> # This is the sshd server system-wide configuration file. See> #
sshd_config(5) for more information.>> # The strategy used for options in the
default sshd_config shipped with> # OpenSSH is to specify options with their
default value where> # possible, but leave them commented. Uncommented options
change a> # default value.>> Port 8022> Protocol 2> ListenAddress 10.66.1.2>> #
HostKey for protocol version 1> #HostKey /etc/ssh/ssh_host_key> # HostKeys for
protocol version 2> HostKey /etc/ssh/ssh_host_rsa_key> #HostKey
/etc/ssh/ssh_host_dsa_key>> # Lifetime and size of ephemeral version 1 server
key> #KeyRegenerationInterval 1h> #ServerKeyBits 768>> # Logging> #obsoletes
QuietMode and FascistLogging> SyslogFacility AUTH> LogLevel INFO>> #
Authentication:>> LoginGraceTime 2m> PermitRootLogin no> StrictModes yes>
MaxAuthTries 6>> RSAAuthentication yes> PubkeyAuthentication yes>
AuthorizedKeysFile .ssh/authorized_keys>> # For this to work you will also
need host keys> in /etc/ssh/ssh_known_hosts> RhostsRSAAuthentication no> #
similar for protocol version 2> HostbasedAuthentication no> # Change to yes if
you don't trust ~/.ssh/known_hosts for> # RhostsRSAAuthentication and
HostbasedAuthentication> #IgnoreUserKnownHosts no> # Don't read the user's
~/.rhosts and ~/.shosts files> IgnoreRhosts yes>> # To disable tunneled clear
text passwords, change to no here!> PasswordAuthentication no>
PermitEmptyPasswords no>> # Change to no to disable s/key passwords>
ChallengeResponseAuthentication yes>> # Kerberos options>
#KerberosAuthentication no> #KerberosOrLocalPasswd yes> #KerberosTicketCleanup
yes> #KerberosGetAFSToken no>> # GSSAPI options> #GSSAPIAuthentication no>
#GSSAPICleanupCredentials yes>> AllowTcpForwarding no> GatewayPorts no>
X11Forwarding no> #X11DisplayOffset 10> #X11UseLocalhost yes> PrintMotd yes>
PrintLastLog yes> TCPKeepAlive yes> #UseLogin no> UsePrivilegeSeparation yes>
PermitUserEnvironment no> #Compression yes> #ClientAliveInterval 0>
#ClientAliveCountMax 3> UseDNS yes> PidFile /var/run/opensshd.pid> MaxStartups
10>> # no default banner path> #Banner /etc/issue>> # override default of no
subsystems> #Subsystem sftp /usr/libexec/sftp-server>>> If I configure
a shell for the user, everything is working fine if I> remove the shell by
setting '/nonexistent' I get this error message :>> root@wbedllfs
[/home/vincent/.ssh] # ssh -T -l vincent -i id_rsa> 10.66.1.2 -p 8022>
Permission denied (publickey,keyboard-interactive).> root@wbedllfs
[/home/vincent/.ssh] #>> If I try to use '/sbin/nologin' I get this error
message:>> root@wbedllfs [/home/vincent/.ssh] # ssh -T -l vincent -i id_rsa>
10.66.1.2 -p 8022> This account is currently not available.>> So is there a way
to configure an ssh box so somebody can only connect> to it without getting any
prompt (User/password , this is already> configured ....) by only using RSA
private keys ( this is also ok ) and> without getting any shell ?>> Regards>
Vincent>>
