Get OpenSSH’s sshd to accept a login for a non-existent user


I'm trying to set up sshd to do some funky things on a dedicated server. (Which is to say, don't worry about why I'm asking such a strange question; I'm just experimenting to see how I can abuse OpenSSH.)

I'd like to allow a user to log into the system using a made-up name. For instance:

$ ssh joeschmoe@crazysshserver.com

where there's no (UNIX) user on the system named joeschmoe.

When they connect, I'd like them to be logged in as a user which does exist, named guest, and have something in the environment set to joeschmoe so I know who they logged in as.

Is it possible to decouple the notions of UNIX-user and ssh-user?

Best Answer

I've been working on a quite similar case. In my case I decided to implement this as host-based authentication. You just have to understand where you have to create the user, and the best place is the getpwnam call implemented in the Name Service Switch (NSS). In my opinion it's not possible to implement user creation in PAM; I think that SSH requires user details before it actually calls PAM modules. However, it may depend on the authentication type.

My blog post describing how to do that with host-based authentication and login to the same username: https://funinit.wordpress.com/2018/01/29/host-based-ssh-as-sso/
GitHub project with an NSS service library implementing getpwnam in an appropriate way: https://github.com/cinek810/libnss-pool

If you want to log everyone in as guest, you can check the other NSS library (ato stands for "all to one"): https://github.com/donapieppo/libnss-ato
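The getpwnam hook the answer refers to, as an added example that is not part of the original answer and is not code from either linked project: a glibc NSS passwd backend that resolves any requested name to one existing account while keeping the requested name in pw_name. The service name "demo" and the guest account's uid, gid, home and shell are assumptions.

```c
/* Sketch of an NSS passwd backend; the service name "demo" is hypothetical. */
#include <errno.h>
#include <nss.h>
#include <pwd.h>
#include <string.h>

/* Assumed values for the existing "guest" account (a real module would read them from a config file). */
#define GUEST_UID   ((uid_t)1001)
#define GUEST_GID   ((gid_t)1001)
#define GUEST_HOME  "/home/guest"
#define GUEST_SHELL "/bin/sh"

/* Copy src into the caller-supplied scratch buffer; NULL if it does not fit. */
static char *put(char **buf, size_t *left, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > *left)
        return NULL;
    char *dst = memcpy(*buf, src, n);
    *buf += n;
    *left -= n;
    return dst;
}

/* glibc calls this for getpwnam()/getpwnam_r() when "demo" is listed in nsswitch.conf. */
enum nss_status _nss_demo_getpwnam_r(const char *name, struct passwd *pw,
                                     char *buf, size_t buflen, int *errnop)
{
    /* Refuse empty names and names that could not be a passwd field or path component. */
    if (name == NULL || *name == '\0' || strchr(name, ':') || strchr(name, '/')) {
        *errnop = ENOENT;
        return NSS_STATUS_NOTFOUND;
    }
    /* All strings must live in the caller's buffer, never in static storage. */
    pw->pw_name   = put(&buf, &buflen, name);   /* requested login name is preserved */
    pw->pw_passwd = put(&buf, &buflen, "x");
    pw->pw_gecos  = put(&buf, &buflen, "pooled guest login");
    pw->pw_dir    = put(&buf, &buflen, GUEST_HOME);
    pw->pw_shell  = put(&buf, &buflen, GUEST_SHELL);
    if (!pw->pw_name || !pw->pw_passwd || !pw->pw_gecos ||
        !pw->pw_dir || !pw->pw_shell) {
        *errnop = ERANGE;                       /* caller retries with a larger buffer */
        return NSS_STATUS_TRYAGAIN;
    }
    pw->pw_uid = GUEST_UID;                     /* every name shares the guest identity */
    pw->pw_gid = GUEST_GID;
    return NSS_STATUS_SUCCESS;
}
```

Built as libnss_demo.so.2 and listed after files (`passwd: files demo` in /etc/nsswitch.conf), real accounts are still resolved from /etc/passwd first. Because every other name now resolves to a valid account, access control rests entirely on the authentication method sshd is configured to require.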