[SOLVED] Custom SSH Banner with script

Ali3n0id · 02-21-2015, 07:37 AM

Hi all,

I want to create a SSH header for all my servers that will include some scripts.

For example it will display internal and external IP as well as memory usage.

I understand that you must edit the /etc/motd file to do this.

I have edited mine:

Code:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Current external IP: "$IP_SCRIPT"

I am new to scripts and wonder what's the process of getting this script to work

The IP_SCRIPT for example will use the curl -s and ifconfig commands to output results to the banner

pingu · 02-21-2015, 09:42 AM

I don't know if you can run a script from /etc/motd, but here's what I've done to achieve the same thing:
Basically, just call a script from users ~/.bashrc, it will print out when they login.
I always create a custom file "/tux/conf/profile/bash.sh" which is sourced from ~/.bashrc - this is because I want to keep all custom configuration in my own directory-structure, away from system.

Below is my "/tux/conf/profile/bash.sh", with some basic config and a script that is used for servers using "ucarp" - that is they share one virtual up and the one that holds that ip is the "live" web-server.

Code:

# Script to check for virtual ip, and server status
# But only for login shell

# Default prompt
PS1="[\u@\H:\w]$ " 

# Custom aliases
alias l='ls -la'

# PATH for sudo-users 
export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin:ih/sbin

# Script to check server status
# But only for login shell
case "$-" in *i*)    # This is the line that makes this script run only for login-shells
        if [[ $(ip addr show eth0 |grep "10.64.6.8") ]]; then
                echo -e "This server is \e[01;31m MASTER \e[0m"
        else
                echo "This server is Standby"
        fi
        echo ""
esac

TB0ne · 02-21-2015, 11:18 AM

Quote:

Originally Posted by Ali3n0id

Hi all,
I want to create a SSH header for all my servers that will include some scripts. For example it will display internal and external IP as well as memory usage. I understand that you must edit the /etc/motd file to do this.

I have edited mine:

Code:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

Current external IP: "$IP_SCRIPT"

I am new to scripts and wonder what's the process of getting this script to work The IP_SCRIPT for example will use the curl -s and ifconfig commands to output results to the banner

Look at the ForceCommand option in sshd_config:
http://linux.die.net/man/5/sshd_config

It *MAY* do what you're after, but use sparingly. If I remember correctly, I tried this once, and it DID let me execute things upon login, but it negated what I tried to do from the command line. For example, just logging in, things worked fine. If you tried doing "ssh user@host "/some/script.sh"", then the results may not be right...since you're FORCED to run one script first, before ANYTHING else.

ron7000 · 02-24-2015, 12:48 PM

might be slightly different on your system, i use Suse (opensuse and SLES).
look in file etc/ssh/sshd_config
for #Banner
uncomment it and do something like "Banner /etc/ssh_banner.txt"
where /etc/ssh_banner.txt is what you want displayed as a banner.

for executing script after logon,
in suse at the end of the /etc/bash.bashrc file which gets executed during logon there is

Code:

# And now let us see if there is e.g. a local bash.bashrc
# (for options defined by your sysadmin, not SuSE Linux)
#
case "$is" in
bash) test -s /etc/bash.bashrc.local && . /etc/bash.bashrc.local ;;
ksh)  test -s /etc/ksh.kshrc.local   && . /etc/ksh.kshrc.local ;;
zsh)  test -s /etc/zsh.zshrc.local   && . /etc/zsh.zshrc.local ;;
ash)  test -s /etc/ash.ashrc.local   && . /etc/ash.ashrc.local
esac
test -s /etc/sh.shrc.local && . /etc/sh.shrc.local

in /etc/bash.basrc.local and csh.cshrc.local is where i had all my admin stuff, in one spot.
I would put a call to whatever you want to happen in there.

one thing i always hated and never found out, is what the chronological process is when you log on to linux and whether distributions differ. after your password is accepted, then I know files like /etc/bash.bashrc and /etc/profile are sourced, and further things get run like if remote desktop and graphics like gdm and xdm are kicked off. But i would love to know that process in detail.

pan64 · 02-24-2015, 12:55 PM

that case is not necessary:

Code:

test -s /etc/$is.${is}rc.local && . /etc/$is.${is}rc.local

will do the job

Ali3n0id · 03-16-2015, 12:31 PM

Thank you all very much - the ForceCommand was exactly what I needed.

Now to customise this script to insanity.