I suppose you've configured your sshd server to launch a unix shell
such as the sh one.
This means when you run the whoami command, this unix executable will
return the current unix user.
Unfortunately, sshd is not integrated with the unix security layer at
this point, so the user will be the
one that launched the sshd server and not the user of the ssh session.

For sshd to be fully integrated, we need to use the unix PAM
mechanism.  There is a maven module which
was started some time ago and which contains a basic authenticator
using PAM, which means that user
authentication can actually be delegated to the unix system.
Unfortunately this integration is not complete
and the shell is not started with the proper credentials, so that even
in this case, whoami would still
return the user that started the sshd process (I think).
The problem is that I haven't found any Java PAM library which is
Apache license compatible and sufficiently
low level to allow the full integration we need.

So if you really want to behave like a real sshd server, we need to
  * find/write a better PAM library (or enhance the existing one)
  * write a PAM shell factory that would log in with the PAM API and
start the correct shell

Hope this helps.

On Mon, Feb 8, 2010 at 17:49,  <prashant.ghoti...@nomura.com> wrote:
> Hi,
>
> I am using Apache MINA SSHD code. I am able to start the Sshd Server. I
> have one query.
>
> I am starting the server using a user, say "xyz".
> I have added my authentication mechanism. Now a user, say "abc",
> logs in successfully on the sshd server.
> When I type whoami, it gives me "xyz" (the user which is used to
> start the sshd server) rather than "abc", the actual user.
>
> Can anybody help me on this. Any help will be appreciated.
>
> Thanks
>
> Prashant



-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
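
Added example, not part of the original message and not Apache MINA SSHD code: a C sketch of the operating-system step that "start the shell with the proper credentials" refers to, which a server process must perform (as root, after authentication) before exec'ing the shell so that `whoami` reports the session user. The helper name `drop_to_user` and its return codes are hypothetical, and C is used because these calls are not exposed by the Java standard library.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch this process to account `name`.
 * Returns 0 on success, -1 if the account is unknown, -2 if the caller
 * lacks the privilege to switch, -3 if the drop did not fully take effect. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    if (geteuid() != 0)
        return -2;                      /* only root may change identity */

    /* Order matters: supplementary groups and gid first, uid last,
     * because after setuid() we no longer have the right to change groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -2;
    if (setgid(pw->pw_gid) != 0)                  return -2;
    if (setuid(pw->pw_uid) != 0)                  return -2;

    /* Verify the drop is permanent: regaining root must fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)        return -3;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -3;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <user>\n", argv[0]);
        return 2;
    }
    int rc = drop_to_user(argv[1]);
    if (rc != 0) {
        /* Fail closed: never start the shell with the server's identity. */
        fprintf(stderr, "cannot become %s (code %d)\n", argv[1], rc);
        return 1;
    }
    execl("/bin/sh", "sh", "-c", "whoami", (char *)NULL);
    perror("execl");
    return 1;
}
```

Run as root with an existing account name, it prints that account; run unprivileged, it refuses instead of starting a shell under the server's own identity.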
