SSH

Issues related to configuring your network
charleschemai
Posts: 1
Joined: 2012/07/27 06:52:58

SSH

Post by charleschemai » 2012/07/27 08:36:48

I want to be able to confirm/authorize incoming ssh connections to my box.
I have this in /etc/ssh/sshd_config:

[code]Match User oracle
# X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
ForceCommand ~/bin/ssh-confirm[/code]

and my ~/bin/ssh-confirm is:

[code]#!/bin/bash
confirmfile="$HOME/allow-ssh-for-pid-26561"
if [ -f "$confirmfile" ]; then
    echo "Old confirmation file found for the SSH session, exiting!"
    exit 1
fi
# wait for a grant for 30 seconds before giving up
for ((i=0; i<30; i++)); do
    if [ -f "$confirmfile" ]; then
        rm "$confirmfile"
        exec "$SHELL"
    fi
    sleep 1
done
echo "SSH access timed out."
exit 1[/code]
[Moderator edit: Added [i]code[/i] tags to preserve formatting.]

I just want to be able to be prompted to allow or disallow incoming ssh connections, that's all.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

SSH

Post by pschaff » 2012/08/02 14:33:46

Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature.

I've never seen an approach like this, but doubt that the ssh config is going to recognize "~/bin/ssh-confirm". The usual approach to limiting SSH access is to use iptables rules to allow only certain hosts. See also the Wiki article:
http://wiki.centos.org/HowTos/Network/SecuringSSH
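
A variant of the ssh-confirm wrapper from the first post, as an added example that is not code from either poster: it names the grant file after the wrapper's own PID, announces the pending session through syslog with logger, and passes SSH_ORIGINAL_COMMAND through once approved. GRANT_DIR, grant_path, wait_for_grant and gate_session are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper that waits for a per-session grant file.
# GRANT_DIR and the file-name scheme are assumptions, not taken from the thread.
GRANT_DIR="${GRANT_DIR:-$HOME/.ssh-grants}"

# Per-session file name: $1 is the wrapper's PID, so each session needs its own grant.
grant_path() { printf '%s/allow-ssh-for-pid-%s\n' "$GRANT_DIR" "$1"; }

# Return 0 if the grant appears within $2 seconds, 1 on timeout, 2 if a stale file exists.
# A grant must be a regular file (not a symlink) owned by the current user.
wait_for_grant() {
    file=$1; timeout=$2; i=0
    # Anything already present under this name predates the session: refuse it.
    if [ -e "$file" ] || [ -L "$file" ]; then return 2; fi
    while [ "$i" -lt "$timeout" ]; do
        if [ -f "$file" ] && [ ! -L "$file" ] && [ -O "$file" ]; then
            rm -f -- "$file"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Gate one session: log the request, wait 30 seconds, then hand over to the shell.
gate_session() {
    mkdir -p "$GRANT_DIR" && chmod 700 "$GRANT_DIR"
    file=$(grant_path "$$")
    logger -t ssh-confirm "pending session from ${SSH_CONNECTION%% *}: touch $file to allow"
    wait_for_grant "$file" 30 && rc=0 || rc=$?
    case $rc in
        0) ;;
        2) echo "Old confirmation file found for the SSH session, exiting!" >&2; exit 1 ;;
        *) echo "SSH access timed out." >&2; exit 1 ;;
    esac
    # Run the requested command (scp, remote command) if any; otherwise a login shell.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "$SHELL" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "$SHELL" -l
}

# sshd sets SSH_CONNECTION for every session; only gate when run as ForceCommand.
if [ -n "${SSH_CONNECTION:-}" ]; then gate_session; fi
```

Someone already logged in as the same user approves a session by creating the file named in the syslog line within the 30-second window.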
