noshell - Online in the Cloud

PROGRAM:

NAME

noshell — shell for administrative users that should never log in

DESCRIPTION

noshell is a shell that can be assigned to system users which need to be active but should
never log in to the system. noshell helps monitor attempts to access disabled accounts and
logs this into syslog.

If a user attempts to connect to the system through an administrative user that has a
valid password and uses noshell as his shell, then the use of noshell will be logged, the
connection will be terminated and the user will be unable to gain access to the host.

After connecting the login program might display the timestamp of the last loging. For
example, in a remote connection:

hostileuser@hostile_host% ssh -l adminuser remote_host

adminuser@remote_host's password: *******

(System's /etc/motd)

Last login: Sat Nov 22 23:30:41 2003 from localhost

Connection to remote_host closed.

If the user is denied access, noshell will send a message to syslog using the LOG_AUTH
facility. It does not provide any indication of wether this connection attempt was local
or remote, this information must be retrieved from other logs. In the above example the
following would get recorded in /var/log/authlog:

Nov 22 23:30:41 remote_host sshd[9950]: Accepted password for adminuser from
hostile_host port 44422 ssh2

Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session opened for user adminuser
by (uid=1)

Nov 22 23:30:41 remote_host noshell[9953]: Noshell warning: user adminuser login
from a disabled shell

Nov 22 23:30:41 remote_host ssh(pam_unix)[9952]: session closed for user adminuser

In Debian, noshell is an alternative to the nologin shell, the latter is provided in the
login package. The main differences between them is that noshell will not provide any
information of why the access has been denied.

OPTIONS

This program does not use any option.

Use noshell online using onworks.net services