Can I get OpenSSH's sshd to accept a login for a non-existent user?

Solution 1:

I've been working on a quite similar case. In my case I've decided to implement this as host-based authentication. You just have to understand where you have to create the user, and the best place is the getpwnam call implemented in the Name Service Switch. In my opinion it's not possible to implement user creation in PAM; I think that SSH requires user details before it actually calls PAM modules. However, it may depend on the authentication type.

My blog post describing how to do that with host-based authentication and login to the same username: https://funinit.wordpress.com/2018/01/29/host-based-ssh-as-sso/
GitHub project with an NSS service library implementing getpwnam in an appropriate way: https://github.com/cinek810/libnss-pool

If you want to log everyone in as guest, you can check the other NSS library (ato stands for all to one): https://github.com/donapieppo/libnss-ato

Solution 2:

If you want to allow all users to log in, you can skip the password check and instead create an account for them when they first attempt to log in:

  1. Install libpam-script. For example:

    sudo apt-get install libpam-script

  2. In the auth section of /etc/pam.d/sshd, replace pam_unix.so with pam_script.so. Some Linux distributions will automatically make this change for you. For example, in Ubuntu 14.04, pam_script.so will be added to /etc/pam.d/common-auth which is included in /etc/pam.d/sshd.

  3. Create /usr/share/libpam-script/pam_script_auth with the following contents:

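    #!/bin/bash
    # PAM_USER is the login name sent by the client; quote it so it stays one argument.
    adduser "$PAM_USER" --disabled-password --quiet --gecos ""
    # Exit status 0 tells pam_script that authentication succeeded.
    exit 0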

  4. Make the script executable via:

    chmod +x /usr/share/libpam-script/pam_script_auth

  5. Be happy.
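
The script in step 3 passes the client-supplied PAM_USER to adduser as root and exits 0 for every name. A hardened variant of that script follows, as an added example that is not part of the original answer: it validates the name and accepts an existing account only if the script created it. The GECOS marker, the UID floor of 1000 and the name policy are assumptions made for this example.

```shell
#!/bin/bash
# Added example: hardened variant of pam_script_auth (not the answer's script).
# PAM_USER is chosen by the remote client, so it is untrusted input.
LC_ALL=C                      # make the a-z ranges below byte-exact
MARKER="pam-script-guest"     # assumption: GECOS tag for accounts created here
MIN_UID=1000                  # assumption: first non-system UID on this host

# valid_name NAME: lowercase first letter, then [a-z0-9_-], at most 31 chars
valid_name() {
    case $1 in ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 31 ]
}

# decide NAME PASSWD_LINE: prints create, allow or deny
decide() {
    local uid gecos
    valid_name "$1" || { echo deny; return 0; }
    [ -n "$2" ] || { echo create; return 0; }
    uid=$(printf '%s\n' "$2" | cut -d: -f3)
    gecos=$(printf '%s\n' "$2" | cut -d: -f5)
    # An existing account stays passwordless only if this script created it,
    # so root, service accounts and real users are never opened up.
    if [ "$gecos" = "$MARKER" ] && [ "$uid" -ge "$MIN_UID" ]; then
        echo allow
    else
        echo deny
    fi
}

main() {
    local entry=""
    # Look the name up only after validation, so it cannot be read as an option.
    if valid_name "$PAM_USER"; then
        entry=$(getent passwd "$PAM_USER") || entry=""
    fi
    case $(decide "$PAM_USER" "$entry") in
        create) adduser "$PAM_USER" --disabled-password --quiet --gecos "$MARKER" ;;
        allow)  return 0 ;;
        *)      return 1 ;;   # non-zero exit: pam_script reports failure
    esac
}

# pam_script exports PAM_USER; do nothing when the variable is absent.
if [ -n "${PAM_USER:-}" ]; then main; exit $?; fi
```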