sshd_config with UseLogin denying all users shell access
807557 Apr 22 2008 — edited Apr 24 2008
I have searched for solutions to this problem for quite some time, so any help would be greatly appreciated.
For clarity, I will give the full description:
Solaris 10, fully patched, running Sun SSH.
Back with rsh (and you still can if rsh is enabled), if you set /dev/console in /etc/default/login, you could, as root, perform:
# rsh problemHost <some_command>
and it would execute, however if you ran
# rsh problemHost
it would return "not on system console"
If a normal user did it, it would work, as /dev/console was only limited to ROOT.
Currently, I have UseLogin set in my sshd_config file. This is allowing this same functionality; root is allowed remote execution and denied shell access via ssh (with keys only of course). However, my problem is that it is denying ALL USERS a shell. So, users can run ssh problemHost <command>, but cannot ssh to the problem host for an interactive session.
I need this type of functionality to maintain a solid BSM audit trail for compliance to our SOX standards.
EXAMPLE:
Current Situation:
# whoami
root
# ssh problemHost hostname
problemhost.domain
# ssh problemHost
Not on a system console.
connection closed
# whoami
user1
# ssh problemHost hostname
problemHost.domain
# ssh problemHost
Not on a system console.
connection closed.
#
Desired/EXPECTED results:
# whoami
root
# ssh problemHost hostname
problemhost.domain
# ssh problemHost
Not on a system console.
connection closed
# whoami
user1
# ssh problemHost hostname
problemHost.domain
# ssh problemHost
Welcome to problemHost!!!
problemHost ~>
Edited by: jcarlson-cin on Apr 22, 2008 5:27 PM