On Tue, Oct 26, 2010 at 8:24 AM, Joachim Schipper <
joac...@joachimschipper.nl> wrote:
> On Tue, Oct 26, 2010 at 04:24:04AM -0700, Russell wrote:
> > On 10/22/2010 09:43 AM, Joachim Schipper wrote:
> > >On Thu, Oct 21, 2010 at 07:46:50PM +0200, Bret S. Lambert wrote:
> > >>On Thu, Oct 21, 2010 at 05:38:54PM +0000, Jay K wrote:
> > >>>My ideal setup would be:
> > >>> 1) no passwords ("*" in /etc/passwd or via vipw)
> > >>> 2) only ssh [keys] for remote access (...)
> > >>> 3) except console, where anyone should be able to login
> > >>> without any password (...)
> > >>[Set] "PasswordAuthentication" to "no" in your sshd_config file, and
> > >>hand out (...) simple passwords (...)
> > >Well, except when someone runs login(1) from an SSH'ed shell...
> > >
> > >I'm pretty sure you can just add a line along the lines of
> > >
> > >ttyC0 "//bin/ksh" vt220 on
> > >
> > >to /etc/ttys, if you insist.
> >
> > Don't I wish, as I have a box I would like to do this on(main
> > function in life is a 3270 emulator).
> > but getty sets a few enviroment variables that ksh wants, best I
> > could figure out was to make a getty-like stub that would set the
> > env and excve ksh. one of the many thing on my
> > "to-do-when-I-have-time" list I will never get around to.
>
> I think you mean login(1), see the ENVIRONMENT section.
>
> ksh actually starts just fine without any environment variables (env -i
> ksh), so I don't see the problem. Of course you'll want to set some
> ASAP.
I haven't tried it, but a look at the man pages gives me reason to think
that you can do this by:
1. modifying the "console" line in ttys(5) to invoke getty(8) with something
other than "std.9600", e.g. "getty console.nopw"
2. modifying gettytab(5) to add a "console.nopw" entry that specifies via
the "lo" capability to use "/usr/bin/su" as the login program.
the su(1) manpage says it will set some of the desired environment variables
(any it doesn't can be set statically via "ev" capabilities in gettytab(5)),
and if it's run as root it won't prompt for a password.
-ken
