Ubuntu – Run (system) script on SSH login and/or logout


I'd like my OpenSSH server to start a script whenever a user logs in using SSH, ideally passing the host name or IP, as well as the user name. Additionally, I'd like it to run a script whenever a session is terminated (passing the username). These scripts should not run in the user's session, but system-wide.

The idea is to give an audio warning on login and logout, e.g. using espeak, and to display the information on an external display.

I've seen that there is a pam-scripts package but I'm not sure if this does what I want, nor how to use it.

Best Answer

You can force a command onto your SSH-users instead of the one they request (or their shell if they don't give a specific command). This can be done by specifying that command with something like ForceCommand /root/ssh-wrapper in /etc/ssh/sshd_config (it doesn't matter where the script is located or how it's named, just make sure it is executable by all users and the sshd configuration file points to it). You also need to restart/reload sshd. The original command is accessible to the forced command as $SSH_ORIGINAL_COMMAND.

I just hacked this script together:

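#! /bin/sh

# add logger options when needed
log="logger -t ssh-wrapper"

# find the client IP address (first field of SSH_CONNECTION)
ip=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)

$log "$USER login from $ip"
espeak "$USER just logged in from $ip" > /dev/null 2>&1

# run the requested command, or the user's login shell if none was given
$log "command: ${SSH_ORIGINAL_COMMAND:-shell}"
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    "$SHELL" -c "$SSH_ORIGINAL_COMMAND"
else
    "$SHELL" -l
fi

$log "$USER logout"
espeak "$USER just logged out" > /dev/null 2>&1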

Now every time I log in or log out a voice tells me about it, and a log entry gets written to syslog. It also logs the command. You can use something like the following to "follow" your sshd usage:

tail -f /var/log/syslog | grep ssh-wrapper

Please note that this script is mostly untested, so use at your own risk! ;-)

PS: remember that this script is run as the user that logged in, so you can't do everything you want if you change it to add more features...
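An added example, not part of the original answer: a variant of the wrapper that still writes the logout entry when the wrapper is ended by SIGHUP or SIGTERM rather than returning normally, and that strips control characters from the client-supplied SSH_ORIGINAL_COMMAND before it reaches syslog. The function names and the LOG override are assumptions made for illustration, and the espeak calls are left out.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper with a trapped logout entry.
# LOG is a hypothetical override so the logging command can be swapped out.
LOG=${LOG:-logger -t ssh-wrapper}

# SSH_CONNECTION is "client_ip client_port server_ip server_port";
# keep only the first field.
client_ip() {
    printf '%s\n' "${1%% *}"
}

# The requested command is chosen by the client. Replace every non-printable
# byte (newlines included) and cap the length so it cannot forge log entries.
sanitize() {
    printf '%s' "$1" | tr -c '[:print:]' '?' | cut -c1-200
}

run_session() {
    ip=$(client_ip "${SSH_CONNECTION:-unknown}")
    $LOG "$USER login from $ip"
    $LOG "command: $(sanitize "${SSH_ORIGINAL_COMMAND:-shell}")"

    # The EXIT trap writes the logout entry however the wrapper ends.
    # Not every sh runs the EXIT trap when killed by an untrapped signal,
    # so HUP and TERM are turned into a normal exit first.
    trap '$LOG "$USER logout"' EXIT
    trap 'exit 129' HUP
    trap 'exit 143' TERM

    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    else
        "${SHELL:-/bin/sh}" -l
    fi
}

# Start a session only when installed under the name used in the answer
# (ForceCommand /root/ssh-wrapper); otherwise just define the functions.
case "${0##*/}" in
    ssh-wrapper) run_session ;;
esac
```

As the PS above says, this still runs as the logged-in user, so the user can stop the wrapper with a signal that cannot be trapped (SIGKILL) and no logout entry is written.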