I wonder if there is a tool/modified ssh-server/ssh option which enables me to grant ssh access for a single session to a given user. What I want to avoid is creating a user account and password for the specific guest. It could instead use an existing user account with certain access rights to be set once. I do not want to share the same account information with everybody I grant access to. The access permission should either work only once/time out after a given interval or the tool should ask me if it detects an access whether I want to grant it. The idea is to share a line like
ssh tempuser001@host
where tempuser001
is tells the server who tries to access but does not correspond to a real user. The user could use his temporary privileges to do all the fancy things you can with ssh connections, like scp
, rsync
, and whatever works through tunnels likevnc
, … The inspiration for this comes from teamviewer, a kind of vnc which permits a remote user to access my desktop once I shared an id with him.
Best Answer
One solution would be to use ssh keys for this.
You can specify a command to run whenever a certain ssh key is used to log into the server. By combining this with a simple login script you can get whatever access control you want.
Here is a quick example I whipped up which grants access until a certain date.
Add the user's ssh to the target user's
authorized_keys
file. In this example I add the date after which the user should no longer have access.~/.ssh/authorized_keys
And create the login script to be executed.
/etc/ssh/access.sh
(don't forget to
chmod a+x /etc/ssh/access.sh
after creating it)Once access has expired it'll look like this