public ssh applications
A while back someone emailed me to ask how I set this up.
ssh fortune@jump.bulletpr00f.host -p 2222
_________________________________________
/ Q: How many surrealists does it take to \
| change a light bulb? A: Two, one to |
| hold the giraffe, and the other to fill |
| the bathtub |
| |
| with brightly colored machine tools. |
| |
| [Surrealist jokes just aren't my cup of |
\ fur. Ed.] /
-----------------------------------------
\
\
.--.
|o_o |
|:_/ |
// \ \
(| | )
/'\_ _/`\
\___)=(___/
Connection to jump.bulletpr00f.host closed.
It automatically logs you in and displays a penguin saying something.
Solderpunk's blog post explains how it works really well, but I figured I'd write a simple step-by-step thing to explain it in case anyone has trouble following it. Like, for example, me next time I break my server and can't recall exactly how this was done.
Steps
- Create the user with no password and blank gecos; if you want gecos, leave the --gecos '' out. (gecos is the personal information like name, phone number and stuff. I don't typically fill this out for service accounts.)
The first command creates the user without setting a password (password login disabled), then the second deletes the password so that it is empty.
adduser --disabled-password --gecos '' fortune
passwd -d fortune
- Put something like the following in your sshd config.
Note: some older versions of openssh-server have a bug where this does not work if you put it in /etc/ssh/sshd_config.d/
So if you're running a version older than 8.4, you will have to put it in /etc/ssh/sshd_config directly.
Match User fortune
PasswordAuthentication yes
PermitEmptyPasswords yes
ForceCommand fortune|cowsay -f tux
- Restart your ssh server.
That should pretty much do it.
Also, I run this weird setup inside of an lxd container on my host, so I use this to forward port 2222 to port 22 in the container:
lxc config device add games ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
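A check worth running on a passwordless account like this one is that its effective settings keep the forced command and switch forwarding off, since ForceCommand only fixes which command runs. The script below is an added example, not part of the original setup; the function names and both sample dumps are constructed for illustration, and DisableForwarding is the standard sshd_config directive you would add to the Match block.

```shell
# Added example (not from the original post). On a real host, pipe in:
#   sshd -T -C user=fortune,host=localhost,addr=127.0.0.1

# Constructed sample: effective settings with only the Match block from the post
# (the forwarding values are assumed for illustration).
SAMPLE_AS_POSTED='permitemptypasswords yes
forcecommand fortune|cowsay -f tux
disableforwarding no
allowtcpforwarding yes
allowstreamlocalforwarding yes
allowagentforwarding yes
x11forwarding no
permittunnel no'
# Constructed sample: the same block with "DisableForwarding yes" added to it.
SAMPLE_HARDENED='forcecommand fortune|cowsay -f tux
disableforwarding yes
allowtcpforwarding yes
permittunnel no'

# get_opt KEY: value of KEY in the dump held in $CONF (empty if absent)
get_opt() {
    printf '%s\n' "$CONF" |
        awk -v k="$1" 'tolower($1) == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

# audit_account: read an sshd -T dump on stdin; exit status = number of findings
audit_account() {
    CONF=$(cat)
    findings=0
    fc=$(get_opt forcecommand)
    if [ -z "$fc" ] || [ "$fc" = "none" ]; then
        echo "FAIL forcecommand unset: the account gets its login shell"
        findings=$((findings + 1))
    fi
    keys="permittunnel"
    # DisableForwarding overrides the individual forwarding options
    [ "$(get_opt disableforwarding)" = "yes" ] ||
        keys="$keys allowtcpforwarding allowstreamlocalforwarding allowagentforwarding x11forwarding"
    for k in $keys; do
        v=$(get_opt "$k")
        if [ "$v" != "no" ]; then
            echo "FAIL $k is '${v:-unset}', want 'no'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

printf '%s\n' "$SAMPLE_AS_POSTED" | audit_account || echo "$? finding(s) as posted"
printf '%s\n' "$SAMPLE_HARDENED" | audit_account && echo "hardened: clean"
```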