I want to allow ssh access to a specific account, but if I connect using a specific puclic key, I should be dropped to a full shell, otherwise to a restricted one.
Example:
I connect with ssh to [email protected] using the public key ABCDEF (correctly set up in authorized_keys) and I get a /bin/zsh shell
If I connect to [email protected] with a password or another public key, I get a /bin/rsh shell
My idea was to create a custom intermediate shell (IE: /bin/mysh), check the key used and execute the correct shell from there, but I don't know how to check which key was used (or if it's possible at all).
env doesn't seem to contain anything useful.
Any ideas on how to do this or other possible solutions?
Thanks.
Use the
command
option in theauthorized_keys
file on the key you want to use an alternate shell with. See thesshd(8)
man page, AUTHORIZED_KEYS FILE FORMAT section, for details.