Results 1 to 9 of 9

Thread: How to display IP of ssh user in message

  1. #1

    Default How to display IP of ssh user in message

    Hi All,
    I want to display the IP address of the SSH client in the banner/message. Right now, I have all the lines in my /etc/motd which warns the users about illegal access.Along with it, the message should display the IP of the user. Basically, I want them to understand that these connections can be traced. Please advice me how can I achieve this.

    TIA,

    VinuKaimal.

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: How to display IP of ssh user in message

    You could use /etc/ssh/sshrc. This must call xauth as the last thing if it exists and also not generate any output to stdout, only stderr. See man sshd.

    Otherwise you could put something in /etc/profile.local and check for the existence of $SSH_CLIENT, which contains the connection details and print something if this login is via ssh.

  3. #3
    Join Date
    Jun 2008
    Location
    Oklahoma, US
    Posts
    822

    Default Re: How to display IP of ssh user in message

    ken yap wrote:

    >
    > You could use /etc/ssh/sshrc. This must call xauth as the last thing if
    > it exists and also not generate any output to stdout, only stderr. See
    > man sshd.
    >
    > Otherwise you could put something in /etc/profile.local and check for
    > the existence of $SSH_CLIENT, which contains the connection details and
    > print something if this login is via ssh.
    >
    >


    /etc/ssh/sshrc is only executed AFTER someone successfully logs in, but
    before they receive a prompt.

    poster is likely wanting to show their IP address before the login to
    dissuade the attempt.

    The ssh banner (example: Banner /etc/issue.net) is not parsed nor processed
    in any way. I tried this a while back. The /etc/issue file *IS* parsed
    (hostname, tty, date/time), but ONLY for local logins. (mgetty, getty,
    etc).

    I imagine you *could* do what you're looking for by running sshd via the
    inetd/xinetd system, determining and printing the IP address and then
    allowing sshd to process the login. But I wouldn't recommend it.

    I usually tell the kiddies that I've found an amazing machine to crack,
    owned by an idiot, at 127.47.32.15, or something similar. Nothing like
    watching them pound on their own machines. Wheee!


    --
    L R Nix
    lornix@lornix.com

  4. #4
    Join Date
    Jun 2008
    Location
    Oklahoma, US
    Posts
    822

    Default Re: How to display IP of ssh user in message

    L R Nix wrote:

    > ken yap wrote:
    >
    >>
    >> You could use /etc/ssh/sshrc. This must call xauth as the last thing if
    >> it exists and also not generate any output to stdout, only stderr. See
    >> man sshd.
    >>
    >> Otherwise you could put something in /etc/profile.local and check for
    >> the existence of $SSH_CLIENT, which contains the connection details and
    >> print something if this login is via ssh.
    >>
    >>

    >
    > /etc/ssh/sshrc is only executed AFTER someone successfully logs in, but
    > before they receive a prompt.
    >
    > poster is likely wanting to show their IP address before the login to
    > dissuade the attempt.
    >
    > The ssh banner (example: Banner /etc/issue.net) is not parsed nor
    > processed
    > in any way. I tried this a while back. The /etc/issue file *IS* parsed
    > (hostname, tty, date/time), but ONLY for local logins. (mgetty, getty,
    > etc).
    >
    > I imagine you *could* do what you're looking for by running sshd via the
    > inetd/xinetd system, determining and printing the IP address and then
    > allowing sshd to process the login. But I wouldn't recommend it.
    >
    > I usually tell the kiddies that I've found an amazing machine to crack,
    > owned by an idiot, at 127.47.32.15, or something similar. Nothing like
    > watching them pound on their own machines. Wheee!
    >
    >

    uh... never mind, I've obviously got my head in my bucket again... (custom
    made too!)

    Think I'll go play with kitty...
    --
    L R Nix
    lornix@lornix.com

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: How to display IP of ssh user in message

    Quote Originally Posted by lornix View Post
    poster is likely wanting to show their IP address before the login to
    dissuade the attempt.
    Well no, OP mentioned /etc/motd, which is output after a successful login. It sounded like he wanted to warn users that their logins are auditable. I'm not sure that showing the source IP address will add much weight, but it's his system.

    Before is pointless. Automated crack scripts don't read banners.

    Actually I think /etc/profile.local is the best place to test SSH_CLIENT or SSH_CONNECTION and output the message.

  6. #6
    Join Date
    Jun 2008
    Location
    Oklahoma, US
    Posts
    822

    Default Re: How to display IP of ssh user in message

    ken yap wrote:

    >
    > lornix;1848299 Wrote:
    >> poster is likely wanting to show their IP address before the login to
    >> dissuade the attempt.

    >
    > Well no, OP mentioned /etc/motd, which is output after a successful
    > login. It sounded like he wanted to warn users that their logins are
    > auditable. I'm not sure that showing the source IP address will add
    > much weight, but it's his system.
    >
    > Before is pointless. Automated crack scripts don't read banners.
    >
    > Actually I think /etc/profile.local is the best place to test
    > SSH_CLIENT or SSH_CONNECTION and output the message.
    >
    >


    Agreed.

    I think this is just my week for 'right answer, wrong question'. Or maybe
    my month. Hey! A new month is coming soon!

    Loni

    --
    L R Nix
    lornix@lornix.com

  7. #7

    Default Re: How to display IP of ssh user in message

    Hi All,

    Thanks a lot for your reply. I tried to print SSH_CLIENT or SSH_CONNECTION, but it seems like nothing is set on it. Pls help.

    TIA,

    VinuKaimal

  8. #8
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: How to display IP of ssh user in message

    Do this:

    Code:
    echo $SSH_CLIENT
    echo $SSH_CONNECTION
    and you will see the values. They are only set when the session is via ssh.

    Maybe something like this:

    Code:
    if [ -n "$SSH_CLIENT" ]
    then
      set $SSH_CLIENT
      echo "You are coming in from $1 port $2"
    fi

  9. #9

    Default Re: How to display IP of ssh user in message

    Thanks a lot.

    It worked fine.

    Thanks once again

    VinuKaimal

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •