Run scripts automatically in server after ssh connection
Solution 1
You can do so by adding the following parameter to your config file (/etc/ssh/sshd_config).
ForceCommand Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if present. The command is invoked by using the user's login shell with the -c option. This applies to shell, command, or subsystem execution. It is most useful inside a Match block. The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment variable. Specifying a command of “internal-sftp” will force the use of an in-process sftp server that requires no support files when used with ChrootDirectory.
An other option is to use the .ssh/rc files on a per user basis.
To use the ForceCommand method you just add ForceCommand /usr/bin/ownscript
at the bottom of the file /etc/ssh/sshd_config
(on the server).
The script looks like this:
#!/bin/bash
#Script file for ssh
#
#put your commands here
echo "test" > /tmp/test.txt
#
#exit by calling a shell to open for the ssh session
/bin/bash
Don't forget to chmod the script sudo chmod +x /usr/bin/ownscript
Solution 2
You can create a /etc/ssh/sshrc
file. See man 8 ssh
.
If you want this for a single user, use ~/.ssh/rc
.
Here is a sample /etc/ssh/sshrc
that will notify you via dbus when someone logs in on your machine. Don't forget to chmod +x
:
#!/bin/bash
ip=`echo $SSH_CONNECTION | cut -d " " -f 1`
notify-send -u CRITICAL "SSH connection from ${ip}" "User $USER just logged in from $ip"
Solution 3
For execution of a script during logon, add it as a call from within the /etc/profile script. This is executed for every logon, not only for ssh logons.
Enthusiast
Updated on September 18, 2022Comments
-
Enthusiast almost 2 years
how to run a script automatically in server soon after client system establish ssh connection with the server
for ex: suppose a user will logon to my computer from another system(connected via lan) using ssh connection. At that time, A script(python or shell) should be run automatically in my system to perform some validation?
How to run the script automatically in server system?
-
Admin over 8 yearsPossible duplicate of Run (system) script on SSH login and/or logout
-
-
Enthusiast over 10 yearsthanks for the answer. Could you please give an example command
-
Enthusiast over 10 yearsbut whether force command execute the command in server(admin login)or in client login ? I want to execute command in server login
-
Requist over 10 yearsThe command is issued on the server. Just add ForceCommand /path/command.script at the bottom of your config will do the trick. However, I encountered it will just execute this command so you need to start a shell in your scriptfile. For better readability I will add an example to my original answer.
-
Enthusiast over 10 yearsthank you. can i run python script instead of shell script ?
-
Enthusiast over 10 yearssuppose i execute my custom command, Is there any way to retrieve the IP address and login name of the user(I want to know because of which login my command got executed ?
-
Enthusiast over 10 yearsI am concerned about only clients systems connected using ssh connection
-
Requist over 10 yearsYes, a python script would do also, just make sure to exit with starting a new shell. All ssh connections are logged by default, you can see them using the command: cat /var/log/auth.log |grep Accepted\ password
-
Enthusiast over 10 yearsBut normally log file contains all the entries of the logged in system. suppose one user named "john" logged from remote system. and as per force command, a command got executed, But how do i retrieve only user john and his ip address ?
-
Requist over 10 yearswhoami will give you the user logging in. You could parse that into a variable and use this variable to lookup ip in the auth.log. Something like: cat /var/log/auth.log |grep Accepted\ password |grep john | tail -1
-
Eugen Konkov over 8 yearsHow to force different command for each connection?
-
bschlueter over 8 yearsThis won't consistently work if users have different shells as not all shells source /etc/profile.