LinuxQuestions.org


mnauta 10-11-2017 11:29 AM

ssh banner
 
Hi,

I have an ssh banner set up, but would like to execute a script to show the incoming IP (just because I can, not for any valid security reason).

However, the script works from the cli but not if executed by opening an ssh session. Here are the details.

/etc/ssh/sshd_config
Banner /usr/local/bin/mysshbanner

from cli I get:
mysshbanner
*******************************************
* *
* Welcome! ..... now leave please! *
* *
You are coming in from 192.168.1.33 port 42120
*******************************************


from starting ssh session I get:

ssh manuel@(removed)
#!/bin/bash
echo "*******************************************"
echo "* *"
echo "* Welcome! ..... now leave please! *"
echo "* *"
if [ -n "$SSH_CLIENT" ]
then
set $SSH_CLIENT
echo "You are coming in from $1 port $2"
fi
echo "*******************************************"
manuel@(removed) password:

Any suggestions are appreciated.
Thanks
Manuel

Turbocapitalist 10-11-2017 12:35 PM

You could use "ForceCommand" for that. The following probably works but I have not thought thoroughly about possible pitfalls:

Code:

ForceCommand /usr/local/bin/mysshbanner; sh -c 'if test -n "$SSH_ORIGINAL_COMMAND"; then $SSH_ORIGINAL_COMMAND; else $SHELL; fi'

A different question is whether it is a sound idea.

michaelk 10-11-2017 04:35 PM

One way of doing what you want is adding your code to the /etc/bashrc file. This is the system wide bashrc that is executed when any user logs in.

Code:

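if [[ -n "$SSH_CONNECTION" ]]
then
  echo "Welcome ..."
  # SSH_CLIENT holds "client_ip client_port server_port"
  # "set --" keeps a leading "-" in the value from being read as an option
  set -- $SSH_CLIENT
  echo "You are coming in from $1 port $2"
fi

Either SSH_CLIENT or SSH_CONNECTION should work.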

Turbocapitalist 10-11-2017 10:01 PM

Actually, forget what I wrote in #2 above. michaelk's answer prompts me to remember that the manual page for sshd contains a quiet mention of /etc/ssh/sshrc, which is the global equivalent of ~/.ssh/rc.

Code:

man sshd

You can just put the working parts of your script into /etc/ssh/sshrc and it will run upon login with SSH.
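
The /etc/ssh/sshrc approach from the post above, worked out as a script. This is an added example, not code posted by anyone in the thread; the function names `client_origin` and `greeting` are hypothetical, and it goes slightly beyond the thread by handling IPv6 addresses and malformed values.

```shell
#!/bin/sh
# Added example (not from the thread): body for /etc/ssh/sshrc.
# sshd runs this file with /bin/sh after authentication, when SSH_CONNECTION
# is set; the Banner file is sent before login and is never executed.

# client_origin "<client_ip> <client_port> [...]"
# Prints "ip port N", bracketing IPv6 addresses. Returns 1 on malformed input.
# Uses parameter expansion rather than `set`, so "$@" is left alone.
client_origin() {
    conn=$1
    ip=${conn%% *}          # text before the first space
    rest=${conn#* }         # text after the first space
    port=${rest%% *}        # second field
    [ "$rest" != "$conn" ] || return 1     # no space at all: not a valid value
    case $ip in '') return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $ip in
        *:*) printf '[%s] port %s\n' "$ip" "$port" ;;
        *)   printf '%s port %s\n' "$ip" "$port" ;;
    esac
}

# Greeting lines for one connection; falls back to a fixed line when the
# origin cannot be parsed, so the login never fails because of the greeting.
greeting() {
    echo "*******************************************"
    echo "*    Welcome! ..... now leave please!     *"
    if origin=$(client_origin "$1"); then
        echo "You are coming in from $origin"
    else
        echo "Origin unknown (not an SSH session?)"
    fi
    echo "*******************************************"
}

# sshd(8) asks rc files to write to stderr rather than stdout.
if [ -n "${SSH_CONNECTION:-${SSH_CLIENT:-}}" ]; then
    greeting "${SSH_CONNECTION:-${SSH_CLIENT:-}}" >&2
fi
```

sshd(8) also documents that once an rc file exists, sshd no longer runs xauth itself, so a host that relies on X11 forwarding needs the rc file to add the cookie.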

lazydog 10-12-2017 01:10 PM

I'm watching this thread also as I'm interested in this as well.

The sshrc file works but is only displayed after you have logged in. I too would like to see it displayed with the banner also.

Turbocapitalist 10-13-2017 01:43 AM

Quote:

Originally Posted by lazydog (Post 5769225)
The sshrc file works but is only displayed after you have logged in. I too would like to see it displayed with the banner also.

I think that would require modification of the sshd source to add that new function. Currently it just reads a text file for the banner.

KenJackson 10-13-2017 10:19 AM

I do a similar thing. But I just use a common .bashrc file that I copy to every machine I have access to. Modifying it to get what you want would be something like this:

Code:

if [ -n "$SSH_CLIENT" ]; then          # Logged in via SSH
    p=${SSH_CLIENT#* }
    echo "You are coming from ${SSH_CLIENT%% *} port ${p% *}"
    unset p
fi


lazydog 10-13-2017 12:32 PM

Quote:

Originally Posted by Turbocapitalist (Post 5769389)
I think that would require modification of the sshd source to add that new function. Currently it just reads a text file for the banner.

Yeah, that is the conclusion I've come to also.
Thanks.


All times are GMT -5.