Here I show you how to setup a MOTD to show some text upon any type of login. With the extra benefit of showing system information upon ssh connections (and loggin ssh connections). The later part with ssh (running the script that shows system info and logs the connection) requires it to be an ssh connection, because motd cant run script, so thats a fallback, if connecting via telnet you will not get the system info. But ubuntu has another way about it (read the note below)

NOTE: this might work with Ubuntu but I havent tested. I know ubuntu has a more advanced MOTD system that can be dynamic and run scripts. http://www.howtogeek.com/104708/how-to-customize-ubuntus-message-of-the-day/ Im sure there is a way to install the same updated motd package on debian if you tried.

Upon login Debian loads up the /etc/motd ascii text and shows it on the screen.

Then it will launch /etc/ssh/sshrc (unless a condition says otherwise, however most likely it will load this. here is a link that can help see what scripts launch on server and client side upon connections: http://askubuntu.com/questions/382485/ssh-how-to-force-execution-of-a-script-etc-sshrc-forcecommand-on)

/etc/motd should start off with a blank-newline, followed by your MOTD and then end with another blank line

Here is my MOTD:

cat /etc/motd

NOTE: above replace <put empty line here> with a simply empty line (a new line). It just looks better if that message is surrounded by empty lines. Trust me.

Here is my start up script which logs connections to /var/log/sshconn.log. The script is /etc/ssh/sshrc (it is run upon an ssh connection):

UPDATED (2015-03-08): Added script below. Here I added an sshconn analysis output file. It just lists all of the connected IPs to date. So that way if something new logs in, you can easily spot it.

 

NOTE: Right now df -h will just show you all of the disk usage, but some you might not want to see. modify the last df -h line to only select the items that you need. I grep out by-uuid and /DATA and used to get the output that I need. I select by-uuid because my root volume has that appear on the line in df output. /DATA shows up on my main big data volume. Used is the header line we want to select it.

EXAMPLE OUTPUT WHEN I LOGIN

Then you can see the sshconn.log which shows information about who connected and from where

How to read SSHCONN.log

cat /var/log/sshconn.log

That will show you the time of connection and what IP connected along with port information.  Its interesting to reverse DNS the IP, so I do that with the host command. That might have several lines of output, so I include it in sshconn.log (but remove any new lines with grep . and also indent the output with the awk command)


Consequences of sshrc

If your sshrc sends output to the screen then you will get protocol mismatch error when using rsync over ssh to save files on this server. To avoid that make sure sshrc doesnt output anything on the screen (like with echo, df, top, commands and the like). Saving to any file is fine (so when we save to /var/log/sshconn.log thats okay), again just not to the screen (stdout… stderr might be okay).

NOTE: sshrc isnt the only file that can cause these errors. other scripts that run upon a new ssh connection startup like .bashrc, .profile should be considered. However scripts like /etc/motd and other such login banners are okay as they are not run when rsync over ssh is run. You can test if you will get the error with rsh (see link below) and it will hint at what files could be causing the output that you dont want.

Here is how the error looks like.

More info here http://ram.kossboss.com/rsyncprotocolmismatch/

Avoid those error by having sshrc not send anything to the screen (and any other scripts that run when ssh starts, .bashrc, .profile etc). Notice below I commented everything that outputs to the screne.

UPDATED (2016-04-18): Adding section to script to process the IPs with a reverse lookup using the host command. Replace “host” in iHOST line with another reverse IP look up command (hopefully its output is short – host’s output is kind of long but it does the job. “host” can resolve forwards hostname->IP, and reverse IP->hostname which is what I’m using it for here). Since my command to process the IPs, the IPs count, and the resolved hostname goes thru something more intricate then /bin/sh (busybox shell). I call upon the powers of bash to run my command. So how do I ran a portion of the script in /bin/bash while the rest runs by the default shell /bin/sh? with a HEREDOC. I save the script that I will run to a HEREDOC (I have to escape all of the $ and backticks so that they don’t substitute in random none-existant variables and commands). Then I surround the HEREDOC with double-quotes (so that the VAR can expand) and run it bash -c. Note that if your /bin/sh is bash (/bin/bash) then you dont need to do a HEREDOC (although it doesnt hurt if you do). Note this command doesnt print anything to the screen so that we dont get a dirty shell (things like rsync over ssh fail with dirty shells).

The end.

Leave a Reply

Your email address will not be published. Required fields are marked *