[ale] Scriptable motd for initial SSH login?

Michael H. Warfield mhw at WittsEnd.com
Wed Sep 14 17:08:34 EDT 2011


On Wed, 2011-09-14 at 15:37 -0400, James Sumners wrote: 
> Well, I had thought of that, but then I read [1] and it says:

> "SSHRC

> If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
>      files but before starting the user's shell or command.  It must not
>      produce any output on stdout; stderr must be used instead."

> This is explicitly counter to what I want to do so I didn't even
> bother trying it. But, since you guys have suggested it, I just tried
> adding the following to ~/.ssh/rc and logging in:

Not quite sure why, especially since a normal motd is delivered on
stderr.

cat users_motd 1>&2

Not that big of a deal is it?

Add the checks that have been suggested to make sure you're connected to
a ptty and not some pipe and you should be good.

Mike

> #!/bin/bash
> echo -n "Does this work?\n"
> 
> Guess what? It worked. So, thank you for making me re-examine this option.
> 
> [1] -- http://www.manpagez.com/man/8/sshd/
> 
> On Wed, Sep 14, 2011 at 15:02, Chris Fowler <cfowler at outpostsentinel.com> wrote:
> > On Wed, 2011-09-14 at 14:31 -0400, Michael H. Warfield wrote:
> >
> >> Anything wrong with sticking it in their (or the default) sshrc file?
> >>
> >
> > I think that is an excellent solution.
> >
> > --------------------------------------------------------------------------------
> > 5.6.4. Arbitrary Actions with /etc/sshrc
> > When a user logs in, the normal Unix login system typically runs some
> > shell scripts, such as /etc/profile. In addition, sshd runs the
> > script /etc/sshrc for each SSH-based login. This feature lets the system
> > administrator run special commands for SSH logins that don't occur for
> > ordinary logins. For example, you can do some additional logging of SSH
> > connections, print welcome messages for SSH users only, and set
> > SSH-related environment variables.
> >
> > In all three, SSH1, SSH2, and OpenSSH, /etc/sshrc is processed by
> > the Bourne shell (/bin/sh) specifically, rather than the user's shell,
> > so that it can run reliably for all accounts regardless of their various
> > shells. It is run for logins (e.g., ssh my-host) and remote commands
> > (ssh my-host /bin/who), just before the user's shell or command is
> > invoked. It runs under the target account's uid, so it can't take
> > privileged actions. If the script exits due to an error (say, a syntax
> > error), the SSH session continues normally.
> >
> > Note that this file is run as input to the Bourne shell: sshd
> > runs /bin/sh /etc/sshrc, not /bin/sh -c /etc/sshrc. This means that it
> > can't be an arbitrary program; it must be a file containing Bourne-shell
> > commands (and it doesn't need the execute mode bit set).
> >
> > /etc/sshrc operates machinewide: it is run for every incoming SSH
> > connection. For more fine-grained control, each user may create the
> > script ~/.ssh/rc to be run instead of /etc/sshrc. [Section 8.4, "The
> > User rc File "] /etc/sshrc isn't executed if ~/.ssh/rc exists in the
> > target account. Note that SSH rc files interact with X authentication.
> > [Section 9.3.5.2, "xauth and the SSH rc files"]
> >
> > --------------------------------------------------------------------------------
> >
> > Create an /etc/sshrc and then create individual files
> > in /etc/user_motds/. Then use the UIDs to display the individual files.
> > Something as simple as this:
> >
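> > #!/bin/sh
> >
> > # Per-user MOTD file, named after the numeric UID.
> > # id -u is used because a plain /bin/sh does not set $UID.
> > MOTD="/etc/user_motds/$(id -u).txt"
> >
> > if [ -f "$MOTD" ]
> > then
> >  cat "$MOTD"
> > fi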
> 
> 
> 
> -- 
> James Sumners
> http://james.roomfullofmirrors.com/
> 
> "All governments suffer a recurring problem: Power attracts
> pathological personalities. It is not that power corrupts but that it
> is magnetic to the corruptible. Such people have a tendency to become
> drunk on violence, a condition to which they are quickly addicted."
> 
> Missionaria Protectiva, Text QIV (decto)
> CH:D 59

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
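
Added example, not part of the original message or the quoted book: one way to write the /etc/sshrc discussed in this thread so that the per-UID MOTD goes to stderr, and only when sshd allocated a terminal. The /etc/user_motds/<uid>.txt layout is the one proposed above; the MOTD_DIR override and the function names are assumptions of this example.

```shell
#!/bin/sh
# /etc/sshrc - per-user MOTD for SSH logins (added example, not from the thread).
# Layout assumed from the thread: /etc/user_motds/<uid>.txt
# MOTD_DIR can be overridden for testing (assumption of this example).
MOTD_DIR="${MOTD_DIR:-/etc/user_motds}"

# True only when sshd allocated a pty for this session.
# sshd sets SSH_TTY in that case; scp, sftp, rsync and "ssh host cmd"
# normally run without one. stdin is deliberately not tested: OpenSSH
# starts the rc script with its stdin connected to a pipe.
session_is_interactive() {
    [ -n "${SSH_TTY:-}" ] && [ -t 2 ]
}

# Write the MOTD for uid $2 from directory $1 to stderr, never stdout,
# so nothing ends up in the data stream of a file transfer.
print_motd() {
    motd="$1/$2.txt"
    if [ -f "$motd" ] && [ -r "$motd" ]; then
        cat "$motd" >&2
    fi
    # A missing MOTD is not an error; always report success.
    return 0
}

# Entry point: stay silent unless a person is sitting at a terminal.
show_motd() {
    if session_is_interactive; then
        print_motd "$MOTD_DIR" "$(id -u)"
    fi
    return 0
}

show_motd
```

Per sshd(8), once an rc file exists sshd no longer runs xauth itself, so a host that allows X11 forwarding also needs the rc file to read the cookie from stdin and add it.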