How to force SSH prompting for Username

All types of networks, network stacks, and protocols supported by OpenVMS.
Post Reply
User avatar

Topic author
jeetu.singh
Contributor
Posts: 22
Joined: Fri Jun 28, 2019 6:12 am
Reputation: 0
Status: Offline

How to force SSH prompting for Username

Post by jeetu.singh » Wed Aug 24, 2022 12:43 pm

Hello Team,

Looking for assistance to guide me how can I force SSH connection to prompt Username ?


tim.stegner
VSI Expert
Valued Contributor
Posts: 55
Joined: Wed Jul 21, 2021 9:14 am
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by tim.stegner » Wed Aug 24, 2022 1:22 pm

The username is supposed to be part of the connection string; e.g. <username>@<destination>
If not supplied, the username from the originating process is used by default.

per the doc: "ssh connects and logs into the specified destination, which may be specified as either [user@]hostname or a URI of the form ssh://[user@]hostname[:port]. The user must prove their identity to the remote machine using one of several methods."

the "-l" option may be of use: "-l login_name
Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file."

Regardless, you appear to be required to supply a username via -some- mechanism. SSH doesn't appear to have a mechanism to -force- a username prompt.

Googling suggests various approaches including setting a default username in your user profile, but nothing for -forcing-, as you request.


sms
Master
Posts: 317
Joined: Fri Aug 21, 2020 5:18 pm
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by sms » Wed Aug 24, 2022 3:02 pm

Code: Select all

> [...] how can I force SSH connection to prompt Username ?

   Which version of SSH, running on what?

      ssh -"V"

   Why?  Is there some actual problem which you are trying to solve?


> [...] SSH doesn't appear to have a mechanism to -force- a username
> prompt.

   I don't recall ever having seen one anyplace.  I also can't think of
a reason to want this.


jonesd
Valued Contributor
Posts: 74
Joined: Mon Aug 09, 2021 7:59 pm
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by jonesd » Wed Aug 24, 2022 10:14 pm

The SSH V1 server I wrote 20+ years ago had a configuration option that would force 2 logins. The first login, using the standard SSH mechanisms (username/password or RSA key) would just get you a bare PTY without logging it in. The job controller would then kick off a regular loginout image on the PTY and you'd get a VMS username/password dialog to authenticate you. The big benefit for me when using this option was that this path through loginout supported virtual terminals. A transient connectivity problem didn't mean losing your login session.

User avatar

Topic author
jeetu.singh
Contributor
Posts: 22
Joined: Fri Jun 28, 2019 6:12 am
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by jeetu.singh » Thu Aug 25, 2022 2:49 am

Thanks to all of you for input. Any other suggestion to achieve my goal, would be appreciated.

Which version of SSH, running on what?

ssh -"V"
SSH Secure Shell OpenVMS (V5.5) 3.2.0 on HP BL860c

Why? Is there some actual problem which you are trying to solve?
We are using LDAP authentication as default for user login. sometime if we face issue LDAP authentication, We can
login to server via telnet providing Username : username/local or if we want to bypass sylogin.com execution by
giving Username= username/nocommand. I want to achieve same functionality with SSH forcing to prompt
Username.


> [...] SSH doesn't appear to have a mechanism to -force- a username
> prompt.


sms
Master
Posts: 317
Joined: Fri Aug 21, 2020 5:18 pm
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by sms » Fri Aug 26, 2022 12:25 am

Code: Select all

> [...] username/nocommand [...]

   Ah.  I forget about that feature for years at a time, until someone
reminds me again that it exists.  I practically never use it, but I can
see how it might be handy in some cases.

   At a quick glance, it seems as if a clever, VMS-oriented SSH server
might be able to take a user name spec like "real_user/nocommand",
separate out the "real_user" part for normal use, and then deal with the
"/nocommand" part when it creates the interactive process.

   Or, perhaps, accept some "-o <option>" which the client could pass
in.

   In any case, I suspect that you have a feature request there.

   I'd probably be trying to get logged it somehow, and then use
"SET HOST 0" to get a more VMS-like "Username: " prompt.

User avatar

puder
VSI Expert
Contributor
Posts: 10
Joined: Thu Aug 29, 2019 1:44 pm
Reputation: 0
Status: Offline

Re: How to force SSH prompting for Username

Post by puder » Mon Aug 29, 2022 4:46 pm

I know you'd like ssh to do all of the authentication work, but is there a problem with having a preceding command display a prompt if necessary, read the username from the terminal, and pass it on the command line to ssh? Doing that with a password is very insecure, but while keeping usernames super secret is good, security should not rely on that.

Post Reply