There was a similar email a little while ago. Here are the most useful
ideas (bottom is most recent in the response).
Well, you *could* do the "acceptance by logging in" thing... or
force them to type [yes|no]. Here's how I accomplish that.
Firstly, thanks for the help.
I've done this on a test platform, and I end up with a dialog
log into the GUI, but hitting the cancel button still lets me in.
I DO NOT get a prompt when I ssh, nor do I get one from the text
or tty consoles (ctl+F1 through ctl+F6).
Any ideas on implement this in those circumstances?
Have you tried implementing this by replacing the user's shell (in
/etc/passwd or equivalent) with your own wrapper script?
Hmmm...replace bash (or leave bash alone and replace the login
/etc/passwd) with a script that calls bash if they say OK? No, I
thought of that. I'll try it on my test platform, and report back.
be interesting to see how Windows programs like putty and winscp
We did a somewhat-similar task at a place where I used to work. We
everyone's login shell to a locally-written perl script. That perl
did things such as ensure that the user had permission to log in to
system (checking against user database), check the user's quota,
a blurb, then exec( )'d tcsh. It needed some interupt handling,
fit what you want to do. I don't have the code anymore, but this
give you an idea of what direction to go. (Would you need to record
user's answers to your question in a database for future
might give you that ability.)
This worked with all of the SSH clients we had around (OpenSSH,
TeraTerm, maybe PuTTY).
On Jul 24, 2008, at 1:52 PM, Paul Whitney wrote:
-----BEGIN PGP SIGNED MESSAGE-----
I have created a consent banner and wrote a script that I want
the banner has been displayed. The user is then forced to enter "y"
to the consent statement.
How do I invoke the script after the banner has been displayed?
For example, /etc/ssh/sshd.conf has /etc/banner defined. So when I
the local box, I see the banner. I want to take it a step further
a yes or no answer.
I tried putting it in /etc/profile, that did not work because GDM
start. I tried /etc/bashrc, but that did not work well either.