Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Perform action when user logs in via SSH from a particular host

I have a quesiton that puzzles me and I wonder if anyone has attempted to achieve the following:

Let's assume that this is the result of my 'last' command in a Linux environment:

root  pts/1        192.168.1.10      Wed Feb 10 07:04 - 07:57  (00:52)  
root  pts/2                          Tue Feb  9 22:00 - 00:13  (02:13)   

How can I setup a particular action (say for example a modified MOTD or sending an email) if the the 'root' user has logged in from 192.168.1.10. Is there a way of capturing this information?

The second part of this question is that how can I make the above check a bit more robust - i.e. if I have the following:

mary  pts/1        192.168.1.10      Wed Feb 10 07:04 - 07:57  (00:52)  
bob   pts/2                          Tue Feb  9 22:00 - 00:13  (02:13)      

Now I'd like to perform an action if the username is equal to 'mary' and the host is 192.168.1.10.

Any suggestions are welcomed.

Thank you in advance.

like image 462
Tamas Avatar asked Oct 08 '12 19:10

Tamas


People also ask

How do I view SSH logs?

On most modern systems, journalctl provides a convenient, standardized way to view ssh logs. On other systems, you can find the sshd log at /var/log/auth. log. For quick inspections, you can also use the lastlog command.

How do I pass a password using SSH in Linux?

How do I pass a password to ssh client under Linux or UNIX operating systems? You need to use the sshpass command to pass the password on Linux or Unix command-line. It is a utility designed for running ssh using the mode referred to as “keyboard-interactive” password authentication, but in non-interactive mode.


2 Answers

There's a special file /etc/ssh/sshrc where you can put some commands that will runs each time someone connect by ssh. I wrote that for you :

#!/bin/bash

[email protected]
monitored_user=root
monitored_ip=x.x.x.x

hostname=$(hostname)

# add a welcome message:
printf >&2 "\nWelcome on $hostname $USER\n"

read -d " " ip <<< $SSH_CONNECTION

[[ $ip == $monitored_ip && $USER == $monitored_user ]] || exit 0

date=$(date "+%d.%m.%Y %Hh%M")
reverse=$(dig -x $ip +short)

mail -s "Connexion of $USER on $hostname" $mail <<EOF

IP: $ip
Reverse: $reverse
Date: $date
EOF

Put this script in a file, then put the full path of the script in /etc/ssh/sshrc

In man ssh :

/etc/ssh/sshrc : Commands in this file are executed by ssh when the user logs in, just before the user's shell (or command) is started. See the sshd(8) manual page for more information.

like image 133
Gilles Quenot Avatar answered Oct 08 '22 19:10

Gilles Quenot


Thanks for all your replies. Eventually I managed to find a solution which does work for the time being but it does have one flaw which I'll point out in a minute.

I have added the following to my /etc/bashrc file (or /etc/bash.bashrc whatever environment you're using):

HOST="192.168.0.1"
RHOST=`who am i | sed -n 's/.*(\([^) ]*\).*/\1/p; 1q'`
if [ "$RHOST" == "$HOST" ]; then
        echo "SAY WHAT!"
        #add further actions here if needed
fi

The flaw that I was talking about before may actually not be a flaw. If you're already SSH-ed into the system, and you want to SSH to a host which lives on the same IP, say ssh root@your-host who am i would then print 'your-host' but I think that's the way it should be.

Needless to say that the above sed statement can be modified so you can capture the username as well, and you can extend the if/else statement to suite your needs.

Thank you again for all your replies.

like image 21
Tamas Avatar answered Oct 08 '22 19:10

Tamas