[ale] Scriptable motd for initial SSH login?

James Sumners james.sumners at gmail.com
Wed Sep 14 15:37:47 EDT 2011


Well, I had thought of that, but then I read [1] and it says:

"SSHRC

     If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
     files but before starting the user's shell or command.  It must not
     produce any output on stdout; stderr must be used instead."

This is explicitly counter to what I want to do so I didn't even
bother trying it. But, since you guys have suggested it, I just tried
adding the following to ~/.ssh/rc and logging in:

#!/bin/bash
echo -n "Does this work?\n"

Guess what? It worked. So, thank you for making me re-examine this option.

[1] -- http://www.manpagez.com/man/8/sshd/

On Wed, Sep 14, 2011 at 15:02, Chris Fowler <cfowler at outpostsentinel.com> wrote:
> On Wed, 2011-09-14 at 14:31 -0400, Michael H. Warfield wrote:
>
>> Anything wrong with sticking it in their (or the default) sshrc file?
>>
>
> I think that is an excellent solution.
>
> --------------------------------------------------------------------------------
> 5.6.4. Arbitrary Actions with /etc/sshrc
> When a user logs in, the normal Unix login system typically runs some
> shell scripts, such as /etc/profile. In addition, sshd runs the
> script /etc/sshrc for each SSH-based login. This feature lets the system
> administrator run special commands for SSH logins that don't occur for
> ordinary logins. For example, you can do some additional logging of SSH
> connections, print welcome messages for SSH users only, and set
> SSH-related environment variables.
>
> In all three, SSH1, SSH2, and OpenSSH, /etc/sshrc is processed by
> the Bourne shell (/bin/sh) specifically, rather than the user's shell,
> so that it can run reliably for all accounts regardless of their various
> shells. It is run for logins (e.g., ssh my-host) and remote commands
> (ssh my-host /bin/who), just before the user's shell or command is
> invoked. It runs under the target account's uid, so it can't take
> privileged actions. If the script exits due to an error (say, a syntax
> error), the SSH session continues normally.
>
> Note that this file is run as input to the Bourne shell: sshd
> runs /bin/sh /etc/sshrc, not /bin/sh -c /etc/sshrc. This means that it
> can't be an arbitrary program; it must be a file containing Bourne-shell
> commands (and it doesn't need the execute mode bit set).
>
> /etc/sshrc operates machinewide: it is run for every incoming SSH
> connection. For more fine-grained control, each user may create the
> script ~/.ssh/rc to be run instead of /etc/sshrc. [Section 8.4, "The
> User rc File"] /etc/sshrc isn't executed if ~/.ssh/rc exists in the
> target account. Note that SSH rc files interact with X authentication.
> [Section 9.3.5.2, "xauth and the SSH rc files"]
>
> --------------------------------------------------------------------------------
>
> Create an /etc/sshrc and then create individual files
> in /etc/user_motds/. Then use the UIDs to display the individual files.
> Something as simple as this:
>
> #!/bin/sh
> # sshd runs this file with /bin/sh, where $UID may be unset; ask id(1) instead.
> MOTD="/etc/user_motds/$(id -u).txt"
>
> if [ -f "$MOTD" ]
> then
>  cat "$MOTD"
> fi



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
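
Added example, not part of the original message or the book excerpt: a version of the suggested /etc/sshrc script that sends the MOTD to stderr, as the quoted sshd(8) text requires, and only when a terminal was allocated. The function name `show_user_motd`, the `MOTD_DIR` override and the `SSH_TTY` test are assumptions of this example; the `/etc/user_motds/<uid>.txt` layout is from Chris Fowler's reply.

```shell
#!/bin/sh
# Added example (not from the thread): per-user MOTD for /etc/sshrc.
# MOTD_DIR can be overridden for testing; that is an assumption of
# this example, as is the function name show_user_motd.
MOTD_DIR="${MOTD_DIR:-/etc/user_motds}"

# show_user_motd DIR UID_NUMBER
# Writes DIR/UID_NUMBER.txt to stderr. Returns 0 if shown, 1 if skipped.
show_user_motd() {
    dir=$1
    uid=$2

    # Accept only a purely numeric uid so the value cannot alter the path.
    case $uid in
        ''|*[!0-9]*) return 1 ;;
    esac

    file="$dir/$uid.txt"

    # Skip symlinks and anything that is not a readable regular file.
    [ -L "$file" ] && return 1
    [ -f "$file" ] && [ -r "$file" ] || return 1

    # The sshd(8) text quoted above says rc files must not write to
    # stdout, so the message goes to stderr.
    cat "$file" >&2
}

# The rc file also runs for remote commands (scp, rsync, "ssh host who").
# OpenSSH sshd sets SSH_TTY only when a terminal was allocated, so this
# keeps the message out of non-interactive sessions.
if [ -n "${SSH_TTY:-}" ]; then
    show_user_motd "$MOTD_DIR" "$(id -u)" || true
fi
```

Per sshd(8), sshd does not run xauth itself when an rc file is used, so a host that relies on X11 forwarding also needs the xauth handling described there in this file.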


