I want to SSH into a server with one user account, but be presented with another user’s prompt — as if I connected and immediately ran sudo -su someone-else
.
To do this, add ForceCommand /usr/bin/sudo -su someone-else /bin/zsh
to /etc/ssh/sshd_config
. Replace /bin/zsh
with your shell of choice, for example /bin/bash
.
This has nice benefits, such as Ctrl+D
closing the entire SSH session instead of just the sudo
session within the SSH session.
Why would you ever want this?
Cloudflare Access lets you SSH into servers and authenticate via single sign-on using short-lived certificates. It uses your email username as your UNIX username. But on my Raspberry Pi, no matter who SSHs in, I’d like them to act as the pi
user. So, I can create a ‘dummy’ user account for each person’s email username, and then they’ll be able to SSH in with single sign-on but appear as the pi
user.
You probably don’t want this on serious servers.