> To:
> [email protected]
>
> On 9/15/19 7:31 AM, shadrock uhuru wrote:
>> hi everyone
>> i can login with authpf but unable to exit or control D out of the ssh
>> session
>> the only way out is to control C which also kills any other ordinary ssh
>> user connected to the server
>> my authpf user has authpf as its login shell and login class,
>> is this normal behaviour ?
>> shadrock
>>
> If I understand your request, you want someone to log into your system,
> which brings up authpf, and you want them to be able to do something to
> exit to a shell prompt on that server and still leave the authpf rules
> in place?
>
> That's not the way authpf was designed.
>
> The idea is that when authpf is invoked, it activates certain rules,
> presumably regarding the IP address in question, and when authpf exits,
> it removes those changes. Connect to authpf, now you can access the
> web site, or FTP or whatever it is you need, terminate authpf, and no
> one else at your IP can do those things. If you are letting these same
> users access the shell prompt, your usage is not as paranoid as authpf
> was designed to deal with, it's probably not the right tool for the job,
> or your expectations are wrong.
>
> I run a private IRC server, which is blocked on the 'net by PF, but as
> all the users are people I know in real life and friends, I trust them
> to be able to activate their own IP addresses, so I just wrote a simple
> (and surely insecure) script to add that user's IP address to the PF
> table that permits them access to the system. What this doesn't do
> (and I'm not sure how you expect to do this) is clear the connections
> when they leave. In my case, I don't care -- the odds that after Fred
> gets a new IP address that his old IP address will end up in the hands
> of someone wanting to have access to my IRC server for malicious
> reasons (and they find it!) is pretty small. But that might not be
> your use case. If you need to close those openings...you had best
> think hard about how you expect that to happen.
>
> Nick.
>
> Subject: Re: authpf unable to exit ssh without control C
> From: Nick Holland <[email protected]>
> Date: 9/16/19, 12:39 PM
>
Hi Nick,

I have sorted the problem with some pointers from the irc.openbsd folks. What I actually needed was to be able to log in with ssh as a non-authpf user to view tcpdumps etc. and then log in to another ssh session as an authpf user for testing, but when I logged out the authpf user it logged out the non-authpf user as well. It turns out that as both logins were from my laptop, i.e. the same IP address, I needed to use the authpf-noip shell for the authpf user. Now I can exit the ssh session for the authpf user without taking down the ssh session for the non-authpf user.

Thanks for your time,
shadrock

