[SOLVED] Shell Wrapper: Which user connecting VIA SSH

Issue

I'm having issues wrapping my head around the topic discussed below in the Git user manual. Any elaboration or links would be helpful. I've found a couple topics discussing this, but I honestly am having issues comprehending the overall concept, language it's to be written in, and so on.

If you’ve allowed everyone to connect with a single user (like "git") via public-key authentication, you may have to give that user a shell wrapper that determines which user is connecting based on the public key, and set an environment variable specifying that user. Here I assume the connecting user is in the $USER environment variable, so your update script begins by gathering all the information you need:

Quoted from here

Edit: Having issues figuring out the command that I need to use to see the SSH key that the remote user is passing in. Additionally, I have no idea how to iterate through the authorized_keys file to match keys up. Is there any documentation on this matter?

Solution

A wrapper script is just a script that you call that then calls another script or program.

This is done fairly often in unix.

A user's shell is bascially a program. So you can wrap it in a script as well.

If you have a user 'tom'. He'll appear in /etc/passwd as such:

tom:x:91:91:Tom Mot:/home/tom:/bin/bash

But tom is actually the account shared by the tom dept.

So you want to set some variables up in the env that identify which member of the tom dept is logging in.

You do this by changing the /bin/bash attribute to /bin/tom-wrapper

And then you add a script in that path:

/bin/tom-wrapper:

#!/bin/bash

KEY=$(figure out the ssh key the user used to log in) if [ $KEY == $tom_user_one ]; then
    USER="Tom User One"
    /bin/bash fi

if [ $KEY == $tom_user_two ]; then 
    USER="Tom User Two"
    /bin/bash fi

echo "You aren't the Tom I am looking for." exit 0

That's a super simplistic script that doesn't quite do what you want but demonstrates the theory.

Remember to chmod +x the script.

Then when the user logs in, instead of hitting bash directly, they hit your script... which figures out which tom user this is... sets and env variable named user identifying the user, and then gives the user a shell.

Super over simplified but it is the basic idea.

Answered By - Matt Joyce

Answer Checked By - Katrina (WPSolving Volunteer)