## what

- Replace `script` with `sudosh`
- Use `patch` instead of `sed` for maintaining changes to OpenSSH code
- Patch OpenSSH to always set `SSH_ORIGINAL_COMMAND`
- Use `sshrc` to send Slack notifications
- Use a `ForceCommand` wrapper (`fc`) to call `setup-google-authenticator`
- Use `enforcer` to delete `.` files (dotfiles) in the home directory, to make bypassing `ForceCommand` harder
- Support Slack notifications via PAM (more secure, because the Slack webhook URL is accessible only to root, but there is no access to `SSH_ORIGINAL_COMMAND`) or via `sshrc` (less secure, because the webhook URL is exposed to the user, but `SSH_ORIGINAL_COMMAND` is available)
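The two notification paths in the list (PAM vs. `sshrc`) differ only in what environment the hook sees and who can read the webhook URL, so one script can serve both. The following is an added example in POSIX sh, not a script from this PR or from the bastion project: it builds the Slack payload from whichever of `PAM_USER`/`PAM_RHOST` (set by `pam_exec.so`) or `USER`/`SSH_CONNECTION`/`SSH_ORIGINAL_COMMAND` (present when sshd runs `sshrc`) it finds. The variable `SLACK_WEBHOOK_URL`, the file `/etc/slack-webhook-url` and the message text are assumptions.

```shell
#!/bin/sh
# notify-slack.sh (added example, not the bastion project's own script):
# post an SSH login notification to a Slack incoming webhook. It can be
# invoked from two hook points that expose different environments:
#   - /etc/ssh/sshrc : runs as the logging-in user, so SSH_ORIGINAL_COMMAND is
#                      visible but the webhook URL must be readable by that user
#   - pam_exec.so    : runs as root, so the URL can stay root-only, but PAM never
#                      sees SSH_ORIGINAL_COMMAND (only PAM_USER, PAM_RHOST, ...)
# SLACK_WEBHOOK_URL, /etc/slack-webhook-url and the message text are assumptions.

# Escape a value for use inside a JSON string literal (backslash, double quote,
# newline). Other control characters are not handled here.
json_escape() {
    printf '%s' "$1" | tr '\n' ' ' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the Slack payload from whatever the hook point provides.
# $1 optionally overrides the host name (handy for testing).
build_payload() {
    host="${1:-$(uname -n)}"
    user="${PAM_USER:-${USER:-unknown}}"
    if [ -n "${PAM_RHOST:-}" ]; then
        rhost="$PAM_RHOST"
    else
        rhost="${SSH_CONNECTION%% *}"   # "client_ip client_port server_ip server_port"
    fi
    cmd="${SSH_ORIGINAL_COMMAND:-<interactive shell>}"
    printf '{"text":"ssh login on %s: user=%s from=%s cmd=%s"}' \
        "$(json_escape "$host")" "$(json_escape "$user")" \
        "$(json_escape "${rhost:-unknown}")" "$(json_escape "$cmd")"
}

# Post the payload. The URL comes from SLACK_WEBHOOK_URL (sshrc case) or from a
# root-readable file (PAM case). A missing URL or a failed POST must never block
# or fail the login, so every failure path returns 0.
send_notification() {
    url="${SLACK_WEBHOOK_URL:-}"
    if [ -z "$url" ] && [ -r /etc/slack-webhook-url ]; then
        read -r url < /etc/slack-webhook-url || true
    fi
    [ -n "$url" ] || return 0
    build_payload | curl -fsS -m 5 -H 'Content-Type: application/json' \
        -d @- "$url" >/dev/null 2>&1 || true
}

# Only send when invoked with --send, so the functions can also be sourced.
if [ "${1:-}" = "--send" ]; then
    send_notification
fi
```

From `/etc/ssh/sshrc` the hook would be called as `/usr/local/bin/notify-slack.sh --send` with `SLACK_WEBHOOK_URL` in the user's environment (the exposed-URL trade-off the list describes); from PAM it would be `session optional pam_exec.so /usr/local/bin/notify-slack.sh --send` in `/etc/pam.d/sshd`, reading the root-only file, at the cost of never seeing the original command.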
## why

- `ForceCommand` is not sufficient for enforcing that a command is executed, especially for the purposes of auditing
- `sudosh` cannot be circumvented when used as a system login shell
- `sudo` audit logs are not accessible by other non-root users on the system

## who

- @cloudposse/engineering
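The `fc` wrapper and the `enforcer` from the list above belong together: the wrapper only runs if sshd actually hands the session to it, and dotfiles such as `~/.ssh/rc` or a shell rc file are one way a user can get code run around the forced command. The following is an added example in POSIX sh, my code rather than the bastion project's scripts. Assumptions: the path `/usr/local/bin/setup-google-authenticator`, a `/home/*` layout, that nothing under `$HOME` is needed for login (for instance keys come from an `AuthorizedKeysCommand`, since `~/.ssh/authorized_keys` is wiped too), and an `ENFORCER_KEEP` allow-list that I added because the wrapper's own `~/.google_authenticator` is a dotfile and would otherwise be deleted on every run.

```shell
#!/bin/sh
# fc-enforcer.sh (added example, not the bastion project's own scripts).
# Two pieces that belong together:
#   fc        ForceCommand wrapper: make sure the user has enrolled in Google
#             Authenticator, then run the client's requested command
#             (SSH_ORIGINAL_COMMAND) or a login shell.
#   enforcer  remove dotfiles from home directories so a user cannot plant
#             ~/.ssh/rc, ~/.bashrc and friends, which sshd or the shell would
#             run around the forced command.
# Paths, the keep-list and the /home/* layout are assumptions for this example.

GA_SETUP="${GA_SETUP:-/usr/local/bin/setup-google-authenticator}"   # assumed path
# Dotfiles the enforcer must leave alone. The MFA secret that fc relies on is a
# dotfile itself; without this entry the enforcer would force re-enrollment.
ENFORCER_KEEP="${ENFORCER_KEEP:-.google_authenticator}"

# True when the home directory given as $1 has no MFA secret yet.
needs_enrollment() {
    [ ! -s "$1/.google_authenticator" ]
}

# ForceCommand entry point. sshd_config: ForceCommand /usr/local/bin/fc-enforcer.sh fc
fc_main() {
    if needs_enrollment "$HOME"; then
        "$GA_SETUP" || { echo "fc: MFA enrollment failed, refusing login" >&2; exit 1; }
    fi
    # Hand off to the user's login shell (on this bastion assumed to be the
    # recording shell). exec, so nothing of fc lingers around the session.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Remove every dotfile and dot-directory directly under home directory $1,
# except names listed in ENFORCER_KEEP. Both globs are needed: .[!.]* skips
# "." and "..", and ..?* catches names such as "..hidden".
enforce_home() {
    home="$1"
    [ -d "$home" ] || return 0
    for entry in "$home"/.[!.]* "$home"/..?*; do
        # an unmatched glob stays literal; skip it
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name="${entry##*/}"
        case " $ENFORCER_KEEP " in
            *" $name "*) continue ;;
        esac
        rm -rf -- "$entry"
    done
}

# Run the enforcer over every home directory. Run it from cron, or from fc
# before the exec, to keep the window for a planted dotfile short.
enforce_all() {
    for h in /home/*; do
        if [ -d "$h" ]; then
            enforce_home "$h"
        fi
    done
}

case "${1:-}" in
    fc)      fc_main ;;
    enforce) enforce_all ;;
esac
```

The enforcer narrows the dotfile route only; it is not what makes the command enforceable. That is why the list above moves session handling into `sudosh` as the login shell, which is where `fc_main`'s `exec` lands when `$SHELL` is `sudosh`.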