How to start a normal login shell in ForceCommand script?

1. sshd on port 22 should provide "normal" ssh logins, but nothing
(i.e. no scp, sftp, or command execution).
Some users are placed into a menu and some go to the command line.
This is handled in their .profile.

2. sshd on port 1022 should provide scp and sftp to a set of group
but nothing else (i.e. no ssh login or command execution).

We have separated this functionality into 2 sshd invocations.

The following script for the port 22 implementation seems to work, but
all of the aliases defined in the users' .profile.
(script is invoked via the ForceCommand option in /opt/ssh/etc/

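# Reject the session if a remote command was requested or no TTY was allocated
if [ ! "$SSH_ORIGINAL_COMMAND" = "" -o "$SSH_TTY" = "" ];then
  echo "No remote commands permitted."
  exit 1
fi

# Source the system-wide and per-user profiles into this (non-login) shell
. /etc/profile
. "$HOME/.profile"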

SFTP is disabled for port 22 in /opt/ssh/etc/sshd_config:
# override default of no subsystems
#Subsystem      sftp    /opt/ssh/libexec/sftp-server

HPUX 11.11
OpenSSH_5.1p1+sftpfilecontrol-v1.2-hpn13v5, OpenSSL 0.9.8j 07 Jan 2009
HP-UX Secure Shell-A.05.10.045, HP-UX Secure Shell version

What is the "proper" method for intercepting scp, sftp, or command
and when none are discovered, just proceed as ssh normally would?

Yes, we tried "$SHELL -", but it just exits.

Thanks to anyone who actually has this working and is willing to
