12

This question is not a duplicate. Please read it before you mark it as such.

Is it possible to assign nicknames or aliases to users on a Linux sever and SSH into the server using the nicknames? I am thinking something along the lines of the aliases for various commands that get added to the .bashrc or the .bash_aliases file, e.g.:

alias grep='grep --color=auto'

For example, if there is a requirement (business rule) to set up users on the server with their full name, e.g., john_smith instead of just their first name (john) but we want to nickname john_smith fruitloops and we want John to be able to:

ssh john_smith@ip_address

as well as:

ssh fruitloops@ip_address

If it is possible, where would the mapping between a user and their nickname be set up? Would the user fruitloops also need to exists on the sever?

This question is about setting up an alias for a user, not a host.

dw8547
  • 444
  • 4
  • 13
  • 1
    With a host alias you could do ssh fruitloop – Takkat May 24 '17 at 10:19
  • My question is about setting up an alias for a user, not the host. fruitloops refers to the user john_smith, not the IP address. – dw8547 May 24 '17 at 10:22
  • That's what a User fruitloop line would be for. You can add several entries in one config file. – Takkat May 24 '17 at 10:31
  • 1
    I believe these are not the same questions ... +1 to question ;) – Ravexina May 24 '17 at 10:32
  • 1
    Sorry for my misunderstanding - a SSH host alias would have to be set up on the client but what you need is a solution that was set up on the server. Retracted my close vote. – Takkat May 24 '17 at 10:59
  • 1
    I think this is possible with some PAM trickery (if you're using PAM that is).

    I may be able to find some old code along these lines (if I do I'll post as an answer).

     – Sumudu Fernando May 24 '17 at 13:21
  • I don't really understand your real goal - you want to be able to access a remote account by not using the real (remote) account name ? – guntbert May 25 '17 at 15:37
  • @guntbert, the requirement is to assign accounts to users on the remove using their full names e.g., john_adam_smith_brown but the users don't want to have to type that in everytime they want to SSH into the remote. They want to type something much shorter, like a nickname they chose for themselves or just their first name. So john_adam_smith_brown would like to SSH in as jon. – dw8547 May 26 '17 at 08:33
  • personally i found it sufficient to do alias sshfoo='ssh hanshenrik@foo.com' – hanshenrik Dec 07 '17 at 22:42

2 Answers2

15

Each user in linux has only one name and that is his only name. you can create aliases for commands not for users.

But you can create a second user with the same UID, home directory and password that would do the trick for you.

Jakuje
  • 6,605
  • 7
  • 30
  • 37
Ziazis
  • 2,174
  • So my /etc/passwd entries corresponding to these users would look like: john_smith:x:1001:1001:,,,:/home/john_smith:/bin/bash and fruitloops:x:1001:1001:,,,:/home/john_smith:/bin/bash ? – dw8547 May 24 '17 at 10:49
  • 2
    I tried 3 different approaches after adding user john_smith with UID = 1001. 1) adduser --home /home/john_smith --uid 1001 fruitloops, this did not work (adduser failed because userid was taken) 2) useradd --home /home/john_smith --non-unique --uid 1001 fruitloops, this did work but lead to some behaviour that wasn't desirable 3) Finally I added the line fruitloops:x:1001:1001:,,,:/home/john_smith:/bin/bash directly to the /etc/passwd file and this was closest to what I was after. I SSH into ip_address as fruitloops and land in /home/john_smith upon arrival. – dw8547 May 24 '17 at 12:07
  • 1
    I'm going to quibble with your wording here. In your scenario, you've created one user (1001) with two different login names. You haven't done it here, but there's no reason the two names can't have different home directories and login shells. Log in as "fruitloops" and create a file. Now check the directory and you'll see that john_smith is shown as the file's owner, because that's the first name found in /etc/passwd for uid 1001. We can argue about whether john_smith is the name and fruitloops is an alias, or john_smith is the primary name and fruitloops secondary, but that's semantic. – Monty Harder May 24 '17 at 18:24
  • 3
    "you can create a second user with the same UID, home directory and password" – that sounds like a terrible hack that's not guaranteed to work across different POSIX-compliant implementations. POSIX requires that the relationship between user names and user IDs be bidirectionally distinct. – David Foerster May 24 '17 at 20:07
  • @dw8547 Can you explain a bit more about the undesirable behavior from the useradd command? – Monty Harder May 24 '17 at 22:31
  • @MontyHarder, when the user arrives at the host, we want the default shell to be bash. When testing this out with approach 2) above without any additional changes to the configuration files for the user, when we arrive at the host, we land in the POSIX shell. In this shell, the prompt looks like $ so the user doesn't see the helpful information that the bash shell displays at the prompt, i.e., user_name@host_name:current_directory$. – dw8547 May 25 '17 at 08:07
  • @MontyHarder, yes, if the user logs in as fruitloops and say creates a file, the file owner and author is showing up as john_smith. That is in fact what we want. We only want to be able to SSH in with what is supposed to be a shorter alias. In the example I made up fruitloops isn't really that much shorter but we want to come up with a solution that will allow john_adam_smith_brown to log in as jon and daniel_john_smith_white to log in as dan, etc. – dw8547 May 25 '17 at 08:19
1

I haven't tried this but another option besides the two users mapped to a single UID (which IMO seems dangerous but this option is probably equally dangerous) is to have a single user serve as a redirector based on SSH key. This is how source control repositories that use SSH typically work.

Lets call the user me. Everyone will use this alias.

ssh me@ip_address

Now the user me has all of users public keys in their ~/.ssh/authorized_keys. 

command="sudo -i -u user-mapped-to-key" ssh-rsa key

You will need to make the user me have the ability to sudo as the other users and you will need to manage me authorized keys file.

Anyway I haven't tested this but in theory something like this should work.

Adam Gent
  • 111