Running a shell script for certain user who logs in with SSH

You can accomplish this kind of behaviour by changing the shell of the account in question to the script you want to be run. In that case, the user does not get its normal prompt, where to enter normal commands like ls, cd etc. at all. Instead your script is run at login and you may there have the functionality you need.

To change the shell, you can use chsh-command or change it directly into /etc/passwd. The new shell (your script) must also be listed in /etc/shells for this to work.


I think the thing you're looking for is called Forced Commands:

http://oreilly.com/catalog/sshtdg/chapter/ch08.html#22858

Forced commands can be quite useful. Suppose you want to give your assistant access to your account but only to read your email. You could associate a forced command with your assistant's SSH key to run only your email program and nothing else.

In SSH1 and OpenSSH, a forced command may be specified in authorized_keys with the "command" option preceding the desired key. For example, to run the email program pine whenever your assistant connects:

# SSH1, OpenSSH
command="/usr/local/bin/pine" ...secretary's public key... 

In SSH2, a forced command appears on the line immediately following the desired Key, using the Command keyword. The previous example would be represented:

# SSH2 only
Key secretary.pub
Command "/usr/local/bin/pine"

This will only allow them to run one command I believe. If you need to allow them more you can use Authprogs. It's a Perl script that has a .conf file where you can specify commands that a person is allowed to run.

  • Authprogs SSH Command Authenticator
  • Authprogs Source Tree