How to display IP of ssh user in message

Hi All,
I want to display the IP address of the SSH client in the banner/message. Right now, I have all the lines in my /etc/motd which warn the users about illegal access. Along with it, the message should display the IP of the user. Basically, I want them to understand that these connections can be traced. Please advise me how I can achieve this.

TIA,

VinuKaimal.

You could use /etc/ssh/sshrc. This must call xauth as the last thing if it exists and also not generate any output to stdout, only stderr. See man sshd.

Otherwise you could put something in /etc/profile.local and check for the existence of $SSH_CLIENT, which contains the connection details and print something if this login is via ssh.

ken yap wrote:

>
> You could use /etc/ssh/sshrc. This must call xauth as the last thing if
> it exists and also not generate any output to stdout, only stderr. See
> man sshd.
>
> Otherwise you could put something in /etc/profile.local and check for
> the existence of $SSH_CLIENT, which contains the connection details and
> print something if this login is via ssh.
>
>

/etc/ssh/sshrc is only executed AFTER someone successfully logs in, but
before they receive a prompt.

poster is likely wanting to show their IP address before the login to
dissuade the attempt.

The ssh banner (example: Banner /etc/issue.net) is not parsed nor processed
in any way. I tried this a while back. The /etc/issue file IS parsed
(hostname, tty, date/time), but ONLY for local logins. (mgetty, getty,
etc).

I imagine you could do what you’re looking for by running sshd via the
inetd/xinetd system, determining and printing the IP address and then
allowing sshd to process the login. But I wouldn’t recommend it.

I usually tell the kiddies that I’ve found an amazing machine to crack,
owned by an idiot, at 127.47.32.15, or something similar. Nothing like
watching them pound on their own machines. Wheee!


L R Nix
lornix@lornix.com

Well no, OP mentioned /etc/motd, which is output after a successful login. It sounded like he wanted to warn users that their logins are auditable. I’m not sure that showing the source IP address will add much weight, but it’s his system.

Before is pointless. Automated crack scripts don’t read banners.

Actually I think /etc/profile.local is the best place to test SSH_CLIENT or SSH_CONNECTION and output the message.

L R Nix wrote:

> ken yap wrote:
>
>>
>> You could use /etc/ssh/sshrc. This must call xauth as the last thing if
>> it exists and also not generate any output to stdout, only stderr. See
>> man sshd.
>>
>> Otherwise you could put something in /etc/profile.local and check for
>> the existence of $SSH_CLIENT, which contains the connection details and
>> print something if this login is via ssh.
>>
>>
>
> /etc/ssh/sshrc is only executed AFTER someone successfully logs in, but
> before they receive a prompt.
>
> poster is likely wanting to show their IP address before the login to
> dissuade the attempt.
>
> The ssh banner (example: Banner /etc/issue.net) is not parsed nor
> processed
> in any way. I tried this a while back. The /etc/issue file IS parsed
> (hostname, tty, date/time), but ONLY for local logins. (mgetty, getty,
> etc).
>
> I imagine you could do what you’re looking for by running sshd via the
> inetd/xinetd system, determining and printing the IP address and then
> allowing sshd to process the login. But I wouldn’t recommend it.
>
> I usually tell the kiddies that I’ve found an amazing machine to crack,
> owned by an idiot, at 127.47.32.15, or something similar. Nothing like
> watching them pound on their own machines. Wheee!
>
>
uh… never mind, I’ve obviously got my head in my bucket again… (custom
made too!)

Think I’ll go play with kitty…

L R Nix
lornix@lornix.com

ken yap wrote:

>
> lornix;1848299 Wrote:
>> poster is likely wanting to show their IP address before the login to
>> dissuade the attempt.
>
> Well no, OP mentioned /etc/motd, which is output after a successful
> login. It sounded like he wanted to warn users that their logins are
> auditable. I’m not sure that showing the source IP address will add
> much weight, but it’s his system.
>
> Before is pointless. Automated crack scripts don’t read banners.
>
> Actually I think /etc/profile.local is the best place to test
> SSH_CLIENT or SSH_CONNECTION and output the message.
>
>

Agreed.

I think this is just my week for ‘right answer, wrong question’. Or maybe
my month. Hey! A new month is coming soon!

Loni


L R Nix
lornix@lornix.com

Hi All,

Thanks a lot for your reply. I tried to print SSH_CLIENT or SSH_CONNECTION, but it seems like nothing is set on it. Pls help.

TIA,

VinuKaimal

Do this:

echo $SSH_CLIENT
echo $SSH_CONNECTION

and you will see the values. They are only set when the session is via ssh.

Maybe something like this:

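# SSH_CLIENT is "client_ip client_port server_port"; it is empty outside ssh
if [ -n "$SSH_CLIENT" ]
then
  # split the value into $1 (address), $2 (client port), $3 (server port)
  set -- $SSH_CLIENT
  echo "You are coming in from $1 port $2"
fi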
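
A fuller version of the SSH_CLIENT test suggested above, as an added example that is not part of the original posts: it prefers SSH_CONNECTION, falls back to SSH_CLIENT, and splits the value without `set`, so the login shell's positional parameters are left alone. The function name ssh_origin_notice and the message wording are assumptions made for this example.

```shell
# Added example for /etc/profile.local (POSIX sh).
# ssh_origin_notice is a hypothetical helper name, not part of sshd.

# Print a notice naming the client address of the current SSH session.
# Prints nothing and returns 1 when the session did not come in via sshd.
# The body runs in a subshell ( ... ) so its variables do not leak into
# the user's login shell.
ssh_origin_notice() (
    # SSH_CONNECTION = "client_ip client_port server_ip server_port"
    # SSH_CLIENT     = "client_ip client_port server_port"
    conn=${SSH_CONNECTION:-${SSH_CLIENT:-}}

    # Need at least two space-separated fields.
    case $conn in
        *' '*) ;;
        *) return 1 ;;
    esac

    # Split with parameter expansion rather than `set`.
    ip=${conn%% *}      # first field
    rest=${conn#* }     # everything after the first space
    port=${rest%% *}    # second field

    # Refuse to print a malformed value: the port must be all digits.
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ -n "$ip" ] || return 1

    printf 'This session from %s port %s is logged.\n' "$ip" "$port"
)

# Show the notice only in interactive shells, so scripted use of the
# shell never receives unexpected output.
case $- in
    *i*) ssh_origin_notice || : ;;
esac
```
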

Thanks a lot.

It worked fine.

Thanks once again

VinuKaimal