Unique scenario due to company policy

slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Unique scenario due to company policy

Post by slhussey »

We are using a miscellaneous userid to connect to the Linux server. Company policy states that direct login is not allowed. The only exception is if specific commands are executed, then the id can be configured to allow only those commands to be executed. But, they have to be executed with the SSH command (SSH id@server command). . . Is there a way with Co:Z Launcher to accomplish this?
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Unique scenario due to company policy

Post by dovetail »

The Co:Z Launcher, under the covers, issues an ssh command, like:

ssh -R<port>:127.0.0.1:<port> remoteuser@remotehost /opt/dovetail/coz/bin/cozagent

So, "cozagent" is the command. You could list this as the allowed command on an authorized_keys line.
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Re: Unique scenario due to company policy

Post by slhussey »

Ok, the issue was that the agent was not installed where it was supposed to be, so I had to set the agent-path. . . not an optimal solution. . .
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Unique scenario due to company policy

Post by dovetail »

Re: "not an optimal solution".
Please explain, I may be missing the context.
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Re: Unique scenario due to company policy

Post by slhussey »

The path includes the server name, so will be different on test than in production.

agent-path=/opt/app/q1edw1c1/coz/current_version/bin/cozagent
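
The authorized_keys restriction suggested earlier in the thread, written as a forced-command wrapper that also copes with the agent path differing between test and production; this is an added example, not part of any post and not Dovetail's code. The script name coz-gate.sh, its install location and the key placeholder are hypothetical, and it assumes the launcher sends exactly the agent path with no arguments, as in the ssh command quoted above.

```shell
#!/bin/sh
# Forced-command gate for the Co:Z service id (added example, hypothetical script).
# Assumed authorized_keys entry; the key is a placeholder:
#   command="/usr/local/bin/coz-gate.sh",no-pty,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> coz-launcher
# Port forwarding stays enabled because the launcher connects with ssh -R.

# Agent paths this key may start: the default from the thread and the
# relocated install reported later. One path per line.
ALLOWED_AGENTS="/opt/dovetail/coz/bin/cozagent
/opt/app/q1edw1c1/coz/current_version/bin/cozagent"

# coz_gate_check <requested command>
# Prints the agent path and returns 0 only on an exact match; returns 1 otherwise.
coz_gate_check() {
    cg_requested=$1
    [ -n "$cg_requested" ] || return 1   # empty = interactive login attempt
    while IFS= read -r cg_agent; do
        if [ "$cg_requested" = "$cg_agent" ]; then
            printf '%s\n' "$cg_agent"
            return 0
        fi
    done <<EOF
$ALLOWED_AGENTS
EOF
    return 1
}

# Runs under sshd: start the agent or refuse, and log the decision either way.
coz_gate_main() {
    cg_from=${SSH_CONNECTION%% *}
    if cg_path=$(coz_gate_check "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t coz-gate "allow user=${USER:-?} from=$cg_from cmd=$cg_path"
        exec "$cg_path"
    fi
    # Replace non-printable bytes so a hostile command string cannot forge log lines.
    cg_shown=$(printf '%s' "${SSH_ORIGINAL_COMMAND:-<none>}" | tr -c '[:print:]' '?')
    logger -t coz-gate "deny user=${USER:-?} from=$cg_from cmd=$cg_shown"
    echo "coz-gate: command not permitted" >&2
    exit 1
}

# sshd sets SSH_CONNECTION for every session; do nothing when merely sourced.
if [ -n "${SSH_CONNECTION:-}" ]; then
    coz_gate_main
fi
```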
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Re: Unique scenario due to company policy

Post by slhussey »

What does the following indicate is going on?

CoZLauncherŽE: CoZAgent process (6020) ended with RC=1
CoZLauncherŽE: m92228@q1edw1c1.vci.att.com target command '<default shell>' ended with RC=1
CoZLauncherŽE: CoZLauncher ended with RC=1

CoZAgent: m92228@clti029 target program '/bin/nologin' PID: 29289
CoZAgent: completed with RC=1
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Re: Unique scenario due to company policy

Post by slhussey »

nologin is not-executable to prevent direct network login to this id. nologin is the default shell.
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Re: Unique scenario due to company policy

Post by slhussey »

Is there any way to specify the shell to run instead of using the default shell?
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: Unique scenario due to company policy

Post by dovetail »

By default, the cozagent will try to execute your default shell.

To run something besides the default shell, you can use the target-command property:

target-command=/bin/bash -l

For more info, see: http://dovetail.com/docs/coz/config.htm ... r_optional