Do a 'man sshd' and read the section on AUTHORIZED_KEYS FILE FORMAT. Specifically look at the 'command="command"' option and the environment settings. Also, make sure that PermitUserEnvironment is enabled.
Using keyfiles, you may enforce such a behavior. I dunno if you can do it with just password-auth though. I use this for doing RSYNC-over-SSH jobs, for instance. -- Coleman Kane On Sun, Mar 26, 2006 at 03:45:38PM +0200, Oren Shemesh (oshemesh) wrote: > Hello, > > I have a question about configuring SSH to connect to a specific CLI > application. This is for an Embedded Linux project. > > A telnet server can be configured to run a given application (By default > it is 'login', but you can set it to whatever you want). > I could not find any way to configure OpenSSH in such a manner. All I > could find is a configuration flag 'UseLogin' which tells it to run > login, but it is not sufficient to what I want. > > I want SSH to: > 1. Always run my CLI application, and ignore any 'command' that the > client wanted to run. > 2. Not check the user home directory for anything. My CLI application > will do the authentication using a simple user-name + password scheme > against a local user DB (The users in that DB are NOT Linux accounts). > 3. Since the SSH client asks the user for a user-name before even > connecting to the SSH server, and it passes this user-name to the SSH > server, I want the SSH server to pass this user-name to my CLI > application so that the user will not have to type the user-name again > for my CLI application. > > Basically, I want SSH to encrypt the traffic for protection against > eavesdropping, but I do not want it's client-authentication features > (Since the logged-in users do not exist as Linux accounts anyway). > > I would imagine that many embedded Linux systems with SSH support would > want to use SSH this way, yet I could not find any method of configuring > OpenSSH to function in such a way. Maybe I need to tweak the OpenSSH > sources ? Use a different SSH solution (i.e. not OpenSSH) ? What do > other Embedded-linux systems do ? > > Thanks a lot, Oren. > >
