Run (system) script on SSH login and/or logout


Solution 1

You can force a command onto your SSH-users instead of the one they request (or their shell if they don't give a specific command). This can be done by specifying that command with something like ForceCommand /root/ssh-wrapper in /etc/ssh/sshd_config (it doesn't matter where the script is located or how it's named, just make sure it is executable by all users and the sshd configuration file points to it). You also need to restart/reload sshd. The original command is accessible to the forced command as $SSH_ORIGINAL_COMMAND.

I just hacked this script together:

#!/bin/sh

# add logger options when needed
log="logger -t ssh-wrapper"

# find IP address (first field of SSH_CONNECTION)
ip=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)

$log "$USER login from $ip"
espeak "$USER just logged in from $ip" > /dev/null 2>&1

# run the requested command through the user's shell, or start that shell
$log "command: ${SSH_ORIGINAL_COMMAND:-$SHELL}"
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    "$SHELL" -c "$SSH_ORIGINAL_COMMAND"
else
    "$SHELL"
fi

$log "$USER logout"
espeak "$USER just logged out" > /dev/null 2>&1

Now every time I log in or log out a voice tells me about it, and a log entry gets written to syslog. It also logs the command. You can use something like the following to "follow" your sshd usage:

tail -f /var/log/syslog | grep ssh-wrapper

Please note that this script is mostly untested, so use at your own risk! ;-)

PS: remember that this script is run as the user that logged in, so you can't do everything you want if you change it to add more features...
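
An added example, not part of the answer above: a variant of the ForceCommand wrapper that replaces control characters in the client-chosen $SSH_ORIGINAL_COMMAND before logging it, and writes the logout entry from a trap so that it is also written when the wrapper receives SIGHUP or SIGTERM. The install name ssh-wrapper, the LOGGER override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the answer's script. Assumed install name: ssh-wrapper.
# LOGGER can be overridden (e.g. in a test) to capture the log lines.
LOGGER=${LOGGER:-"logger -t ssh-wrapper"}

# First field of SSH_CONNECTION is the client address.
client_ip() { printf '%s\n' "${SSH_CONNECTION%% *}"; }

# SSH_ORIGINAL_COMMAND is chosen by the client. Replace every non-printable
# byte (newlines included) so one request always produces one log line.
sanitize() { printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'; }

log_event() { $LOGGER "$(sanitize "$*")"; }

run_session() {
    user=${USER:-$(id -un)}
    log_event "login user=$user from=$(client_ip)" \
        "command=${SSH_ORIGINAL_COMMAND:-<interactive shell>}"

    # Write the logout entry from an EXIT trap and convert HUP/TERM into a
    # normal exit, so it is also logged when the wrapper is signalled
    # instead of reaching the end of the script.
    trap 'log_event "logout user=$user"' EXIT
    trap 'exit 129' HUP
    trap 'exit 143' TERM

    # Let the user's shell interpret the request, as sshd would have done
    # without ForceCommand; quoting keeps it a single argument.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    else
        "${SHELL:-/bin/sh}" -l
    fi
}

# Start a session only when invoked under the assumed name.
case "${0##*/}" in ssh-wrapper) run_session ;; esac
```

Like the script above, this still runs as the user who logged in, so it only sees what that user can see.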

Solution 2

You can use sshrc (see man sshd and search for sshrc).

ssh will execute /etc/ssh/sshrc if it exists, and you can run one script (or call multiple scripts) from there.

You can call any bash variable, like $USER, or get the IP via

read -d " " ip <<< $SSH_CONNECTION

You can write a script to test or log whatever you want.

Logout script... well, that is what I'm searching for! :D

Solution 3

I've seen this done by matching events in a log file before (which would allow you flexibility on matching anything). This page is poorly formatted but it might help you get started: https://help.ubuntu.com/community/AudibleLogs#Play with esound

Author by

Alex Biro

Updated on September 17, 2022

Comments

  • Alex Biro
    Alex Biro almost 2 years

    I'd like my OpenSSH server to start a script whenever a user logs in using SSH, ideally passing the host name or IP, as well as the user name. Additionally I'd like it to run a script, whenever a session is terminated (passing the username). These scripts should not run in the user's session, but system wide.

    The idea is to give an audio warning on login and logout, e.g. using espeak, and to display the information on an external display.

    I've seen that there is a pam-scripts package but I'm not sure if this does what I want, nor how to use it.

  • Dmitry Eskin
    Dmitry Eskin almost 9 years
    Hi, is there any way to detect the situation when the user just closes the window of the ssh client? Your script does not hook this situation. Thanks.
  • Ibrahim
    Ibrahim about 7 years
    Should shell in ${SSH_ORIGINAL_COMMENT:-shell} be replaced with the actual path to the shell, e.g. /bin/bash? When I just try to run that, it complains that there's no such command as shell. Actually, I guess maybe what you meant is $SHELL? That should run the user's specified shell.
  • WolfLink
    WolfLink over 2 years
    To add to this: You can also put a file in $HOME/.ssh/rc to have a per-user ssh rc file.