Linux Basic 05

Introduction

EHCTF

Category: Misc

Write-up date: 03/03/2025

Question: Trong linux, khi ssh từ một phiên login shell thành công thì hệ thống sẽ nạp file nào đầu tiên?

Point: 250

Solve

Arcoding to man ssh, the login process follow this step.

LOGIN PROCESS
    When a user successfully logs in, sshd does the following:
        1.   If the login is on a tty, and no command has been specified, prints last login time and /etc/motd (unless prevented in the configuration file or by ~/.hushlogin; see the “FILES” section).

        2.   If the login is on a tty, records login time.

        3.   Checks /etc/nologin; if it exists, prints contents and quits (unless root).

        4.   Changes to run with normal user privileges.

        5.   Sets up basic environment.

        6.   Reads the file ~/.ssh/environment, if it exists,  and  users  are  allowed  to  change their  environment. See  the  PermitUserEnvironment option in sshd_config(5).

        7.   Changes to user's home directory.

        8.   If  ~/.ssh/rc  exists  and the sshd_config(5) PermitUserRC option is set, runs it; else if /etc ssh/sshrc exists, runs it; otherwise runs xauth(1).  The “rc” files are given the X11 authentication protocol and cookie in  standard  input. See “SSHRC”, below.

        9.   Runs  user's  shell or command.  All commands are run under the user's login shell as specified in the system password database.

So if the user pass the /etc/nologin, the system will load the basic enviroment located in /etc/profile

FLAG: EHCTF{/etc/profile}