12

How to run a script automatically on the server soon after a client system establishes an SSH connection with the server

For example: suppose a user logs on to my computer from another system (connected via LAN) using an SSH connection. At that time, a script (Python or shell) should be run automatically on my system to perform some validation.

How do I run the script automatically on the server system?

Enthusiast

3 Answers

14

You can do so by adding the following parameter to your config file (/etc/ssh/sshd_config).

 ForceCommand
         Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if present.  The command is invoked by using the user's login shell
         with the -c option.  This applies to shell, command, or subsystem execution.  It is most useful inside a Match block.  The command originally supplied by the client is available in the
         SSH_ORIGINAL_COMMAND environment variable.  Specifying a command of “internal-sftp” will force the use of an in-process sftp server that requires no support files when used with
         ChrootDirectory.

Another option is to use the .ssh/rc files on a per-user basis.

To use the ForceCommand method you just add ForceCommand /usr/bin/ownscript at the bottom of the file /etc/ssh/sshd_config (on the server).

The script looks like this:

#!/bin/bash
#Script file for ssh
#
#put your commands here
echo "test" > /tmp/test.txt
#
#exit by calling a shell to open for the ssh session
/bin/bash

Don't forget to make the script executable: sudo chmod +x /usr/bin/ownscript

Requist
  • Thanks for the answer. Could you please give an example command? – Enthusiast Dec 30 '13 at 15:55
  • But does ForceCommand execute the command in the server (admin login) or in the client login? I want to execute the command in the server login. – Enthusiast Dec 30 '13 at 16:01
  • 1
    The command is issued on the server. Just adding ForceCommand /path/command.script at the bottom of your config will do the trick. However, I found that it will just execute this command, so you need to start a shell in your script file. For better readability I will add an example to my original answer. – Requist Dec 30 '13 at 17:37
  • Thank you. Can I run a Python script instead of a shell script? – Enthusiast Dec 31 '13 at 01:10
  • Suppose I execute my custom command. Is there any way to retrieve the IP address and login name of the user? (I want to know which login caused my command to be executed.) – Enthusiast Dec 31 '13 at 01:28
  • Yes, a Python script would also do; just make sure to exit by starting a new shell. All SSH connections are logged by default; you can see them using the command: cat /var/log/auth.log |grep Accepted\ password – Requist Dec 31 '13 at 12:21
  • But normally the log file contains all the entries of the logged-in system. Suppose one user named "john" logged in from a remote system and, as per ForceCommand, a command got executed. How do I retrieve only user john and his IP address? – Enthusiast Jan 01 '14 at 12:33
  • whoami will give you the user logging in. You could parse that into a variable and use this variable to look up the IP in auth.log. Something like: cat /var/log/auth.log |grep Accepted\ password |grep john | tail -1 – Requist Jan 01 '14 at 16:13
  • How to force a different command for each connection? – Eugen Konkov Mar 01 '16 at 08:40
6

You can create a /etc/ssh/sshrc file. See man 8 ssh. If you want this for a single user, use ~/.ssh/rc.

Here is a sample /etc/ssh/sshrc that will notify you via dbus when someone logs in on your machine. Don't forget to chmod +x:

#!/bin/bash

# SSH_CONNECTION holds "client_ip client_port server_ip server_port"; take the first field.
ip=$(echo "$SSH_CONNECTION" | cut -d " " -f 1)

notify-send -u CRITICAL "SSH connection from ${ip}" "User $USER just logged in from $ip"
leucos
1

For execution of a script during logon, add it as a call from within the /etc/profile script. This is executed for every logon, not only for ssh logons.
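
Added example (not from any of the answers above): a ForceCommand wrapper that covers the follow-up question about which user and address triggered the script, reading the client address from SSH_CONNECTION instead of grepping auth.log, and then handing the session back. The path /usr/local/bin/ssh-login-hook, the --run flag, the ssh-login-hook log tag and the 192.168.1.* LAN prefix are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the answers. Assumed install (hypothetical path and flag):
#   /etc/ssh/sshd_config:  ForceCommand /usr/local/bin/ssh-login-hook --run
# Keep the file root-owned and not writable by the users it applies to.

# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
client_ip() {
    printf '%s\n' "${1%% *}"
}

# Validation step. The 192.168.1.* LAN prefix is an assumed policy; replace it.
ip_allowed() {
    case "$1" in
        192.168.1.*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Build one log line. SSH_ORIGINAL_COMMAND is client-controlled, so control
# characters (newlines included) are stripped to keep a client from forging entries.
audit_line() {
    cmd=$(printf '%s' "${3:-<interactive>}" | tr -d '[:cntrl:]')
    printf 'user=%s ip=%s cmd=%s\n' "$1" "$2" "$cmd"
}

hook_main() {
    user=$(id -un)
    ip=$(client_ip "${SSH_CONNECTION:-}")
    logger -t ssh-login-hook -p auth.info "$(audit_line "$user" "$ip" "${SSH_ORIGINAL_COMMAND:-}")"

    if ! ip_allowed "$ip"; then
        echo "Login from ${ip:-unknown address} is not permitted." >&2
        exit 1
    fi

    # ForceCommand replaces whatever the client asked for, so hand control back:
    # run the requested remote command if there was one, otherwise a login shell.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}" -l
}

# Only act when invoked with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    hook_main
fi
```

After editing sshd_config, check it with sshd -t before reloading sshd, and keep an existing session open while testing, since a failing ForceCommand blocks new logins.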