4

I am trying to find a way to execute a specific command when connecting to a server via SSH. By this I mean, the command will execute unconditionally on opening a connection, so this would preferably be run at the same time that a Banner option would be printed if set. I am not trying to run a command after logging in.

What I'm after, for example:

$ ssh bob@website.com
(Command essentially executed at this point, before the input prints.)
bob@website.com's password: 

The reason I'm trying to do this is that I would like to run a short script which sends push notifications to my phone whenever a connection is made, regardless of whether I log in or not. I had planned to use pam_exec, but this only triggers auth if a password is entered and Enter is pressed, and the account and session_* modules only trigger on a successful login. If a connection is opened but then closed, such as when a user simply hits Ctrl+C, then the script will never be run.

Is there any method for doing this? I'm not finding much information on the subject.

Dave
  • 2
    Not a duplicate, the linked question is about running a command before a shell is run, but still after successfully logging in. – Dave Dec 15 '13 at 20:54
  • 2
    If you do this you will be vulnerable to a denial of service attack. Anyone who knows of this configuration can repeatedly connect to the ssh port, resulting in a barrage of messages being sent to your phone. This may be why there is no simple way to set this up. – ctrl-alt-delor Dec 15 '13 at 21:42
  • 2
    If you still want to proceed (following my previous comment), then you could get the firewall to do it. – ctrl-alt-delor Dec 15 '13 at 21:43
  • @richard: I am not too worried about this as the service I'm using rate limits notifications pretty heavily to one every 300 seconds. Connections to this particular box should be rare. I am thinking of making changes now though because of your warning. Thanks for pointing out the danger, I appreciate it. – Dave Dec 16 '13 at 07:52

1 Answer

5

You can run sshd via inetd, with inetd running:

sh -c 'your-command; exec sshd -iD'

upon an incoming connection (see the caveat in sshd(8) though).
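
A wrapper that inetd could launch in place of the one-liner above, as an added example that is not part of the original answer: it applies the 300-second throttle mentioned in the comments locally and keeps the command's output off the client socket. The install path, the `--inetd` argument, `STATE_FILE`, `NOTIFY_CMD` and the `/usr/sbin/sshd` location are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Hypothetical inetd.conf entry:
#   ssh stream tcp nowait root /usr/local/sbin/ssh-knock ssh-knock --inetd
# All paths and names below are assumptions; adjust them for your system.

STATE_FILE="${STATE_FILE:-/var/run/ssh-knock.last}"
WINDOW="${WINDOW:-300}"                                  # seconds between notifications
NOTIFY_CMD="${NOTIFY_CMD:-/usr/local/bin/notify-phone}"  # placeholder push script

# should_notify NOW: succeed (and record NOW) only if at least WINDOW seconds
# have passed since the last recorded notification.
should_notify() {
    now=$1
    last=0
    if [ -r "$STATE_FILE" ]; then
        read -r last < "$STATE_FILE" || last=0
    fi
    case $last in ''|*[!0-9]*) last=0 ;; esac   # ignore an empty or corrupt state file
    [ $((now - last)) -ge "$WINDOW" ] || return 1
    printf '%s\n' "$now" > "$STATE_FILE"
}

# on_connect: fire the notification without touching the client socket.
# Under inetd, fds 0, 1 and 2 are the TCP connection itself, so anything the
# command printed would reach the SSH client ahead of sshd's version banner.
# Backgrounding it keeps a slow notifier from delaying the handshake.
on_connect() {
    if should_notify "$(date +%s)"; then
        "$NOTIFY_CMD" </dev/null >/dev/null 2>&1 &
    fi
}

# Only act when started by inetd with the marker argument.
if [ "${1:-}" = "--inetd" ]; then
    on_connect
    exec /usr/sbin/sshd -iD   # same flags as in the answer above
fi
```

Throttling in the wrapper means a burst of connections costs one short shell run each rather than one outbound notification each.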