Skip to main content

SSH as one user, get a terminal as another

• Tagged Server-side and Guide

I want to SSH into a server with one user account, but be presented with another user’s prompt — as if I connected and immediately ran sudo -su someone-else.

To do this, add ForceCommand /usr/bin/sudo -su someone-else /bin/zsh to /etc/ssh/sshd_config. Replace /bin/zsh with your shell of choice, for example /bin/bash.

This has nice benefits, such as Ctrl+D closing the entire SSH session instead of just the sudo session within the SSH session.

Why would you ever want this?

Cloudflare Access lets you SSH into servers and authenticate via single sign-on using short-lived certificates. It uses your email username as your UNIX username. But on my Raspberry Pi, no matter who SSHs in, I’d like them to act as the pi user. So, I can create a ‘dummy’ user account for each person’s email username, and then they’ll be able to SSH in with single sign-on but appear as the pi user.

You probably don’t want this on serious servers.

Previous post: msmtp and Google's SMTP Relay Service