[ale] Scriptable motd for initial SSH login?

Chris Fowler cfowler at outpostsentinel.com
Wed Sep 14 15:02:42 EDT 2011


On Wed, 2011-09-14 at 14:31 -0400, Michael H. Warfield wrote:

> Anything wrong with sticking it in their (or the default) sshrc file?
> 

I think that is an excellent solution.

--------------------------------------------------------------------------------
5.6.4. Arbitrary Actions with /etc/sshrc
When a user logs in, the normal Unix login system typically runs some
shell scripts, such as /etc/profile. In addition, sshd runs the
script /etc/sshrc for each SSH-based login. This feature lets the system
administrator run special commands for SSH logins that don't occur for
ordinary logins. For example, you can do some additional logging of SSH
connections, print welcome messages for SSH users only, and set
SSH-related environment variables.

In all three, SSH1, SSH2, and OpenSSH, /etc/sshrc is processed by
the Bourne shell (/bin/sh) specifically, rather than the user's shell,
so that it can run reliably for all accounts regardless of their various
shells. It is run for logins (e.g., ssh my-host) and remote commands
(ssh my-host /bin/who), just before the user's shell or command is
invoked. It runs under the target account's uid, so it can't take
privileged actions. If the script exits due to an error (say, a syntax
error), the SSH session continues normally.

Note that this file is run as input to the Bourne shell: sshd
runs /bin/sh /etc/sshrc, not /bin/sh -c /etc/sshrc. This means that it
can't be an arbitrary program; it must be a file containing Bourne-shell
commands (and it doesn't need the execute mode bit set).

/etc/sshrc operates machinewide: it is run for every incoming SSH
connection. For more fine-grained control, each user may create the
script ~/.ssh/rc to be run instead of /etc/sshrc. [Section 8.4, "The
User rc File"] /etc/sshrc isn't executed if ~/.ssh/rc exists in the
target account. Note that SSH rc files interact with X authentication.
[Section 9.3.5.2, "xauth and the SSH rc files"]

--------------------------------------------------------------------------------

Create an /etc/sshrc and then create individual files
in /etc/user_motds/. Then use the UIDs to display the individual files.
Something as simple as this:

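#!/bin/sh

# sshd feeds this file to /bin/sh, and plain POSIX sh (e.g. dash) does not
# set $UID, so ask id(1) for the numeric uid of the target account.
MOTD="/etc/user_motds/$(id -u).txt"

# Show the per-user file only if it exists.
if [ -f "$MOTD" ]
then
  cat "$MOTD"
fi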
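
An added example, not part of the original post: the same per-UID lookup, but silent for remote commands, which the excerpt above says also trigger /etc/sshrc. It assumes OpenSSH, where sshd sets SSH_TTY only for sessions with a terminal and sshd(8) asks rc scripts to write to stderr rather than stdout. The function names and the MOTD_DIR override are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): per-user MOTD for an sshrc-style script.
# MOTD_DIR defaults to the directory named in the post; the function names are made up here.
MOTD_DIR="${MOTD_DIR:-/etc/user_motds}"

# motd_path DIR UID: print DIR/UID.txt, but only for a purely numeric UID.
motd_path() {
    case "$2" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s/%s.txt\n' "$1" "$2"
}

# show_motd DIR UID: show the file only for sessions that have a terminal.
show_motd() {
    # Assumption: sshd sets SSH_TTY only when a tty was allocated, so remote
    # commands (ssh host /bin/who, scp, rsync) stay silent.
    [ -n "${SSH_TTY:-}" ] || return 0
    motd_file=$(motd_path "$1" "$2") || return 0
    [ -f "$motd_file" ] && [ -r "$motd_file" ] || return 0
    # Write to stderr so nothing is injected into the session's stdout stream.
    cat -- "$motd_file" >&2
}

# id -u is used because plain POSIX sh (e.g. dash) does not set $UID.
show_motd "$MOTD_DIR" "$(id -u)"
```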




