Run command on a given user SSH connection #44

New Issue

Benjamin_Loison · 2024-11-08T18:35:26+01:00

Benjamin_Loison commented

2024-11-08 18:35:26 +01:00

DuckDuckGo and Google search Linux execute command on SSH connection.

A crontab would be a pretty bad solution.

Maybe can leverage authentication logs.

DuckDuckGo and Google search *Linux execute command on SSH connection*. A crontab would be a pretty bad solution. Maybe can leverage authentication logs.

Benjamin_Loison commented

2024-11-08 18:39:51 +01:00

ssh root@lemnoslife.com 'date && tail -n 5 /var/log/auth.log'

Output:

Fri Nov  8 06:38:07 PM CET 2024
2024-11-08T18:38:04.547790+01:00 vps713872 systemd-logind[456]: Removed session 105.
2024-11-08T18:38:07.268411+01:00 vps713872 sshd[2816]: Accepted publickey for root from XXX.XXX.XXX.XXX port XXXXX ssh2: ED25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2024-11-08T18:38:07.269217+01:00 vps713872 sshd[2816]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
2024-11-08T18:38:07.280685+01:00 vps713872 systemd-logind[456]: New session 107 of user root.
2024-11-08T18:38:07.289088+01:00 vps713872 sshd[2816]: pam_env(sshd:session): deprecated reading of user environment enabled

```bash ssh root@lemnoslife.com 'date && tail -n 5 /var/log/auth.log' ``` <details> <summary>Output:</summary> ``` Fri Nov 8 06:38:07 PM CET 2024 2024-11-08T18:38:04.547790+01:00 vps713872 systemd-logind[456]: Removed session 105. 2024-11-08T18:38:07.268411+01:00 vps713872 sshd[2816]: Accepted publickey for root from XXX.XXX.XXX.XXX port XXXXX ssh2: ED25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 2024-11-08T18:38:07.269217+01:00 vps713872 sshd[2816]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0) 2024-11-08T18:38:07.280685+01:00 vps713872 systemd-logind[456]: New session 107 of user root. 2024-11-08T18:38:07.289088+01:00 vps713872 sshd[2816]: pam_env(sshd:session): deprecated reading of user environment enabled ``` </details>

Benjamin_Loison commented

2024-11-08 18:44:06 +01:00

Could in theory modify .bashrc but I suspect that the user can avoid running this file, for instance by using SCP. Furthermore, the aim is to not trust the user to not remove this statement from .bashrc, as letting him the ability to modify this file.

Could in theory modify `.bashrc` but I suspect that the user can avoid running this file, for instance by using SCP. Furthermore, the aim is to not trust the user to not remove this statement from `.bashrc`, as letting him the ability to modify this file.

Benjamin_Loison commented

2024-11-08 18:44:33 +01:00

DuckDuckGo search Linux be notified of SSH connection.

DuckDuckGo search *Linux be notified of SSH connection*.

Benjamin_Loison commented

2024-11-08 18:46:30 +01:00

Being notified when the user logs out would also be interesting but in a second time. Maybe ${PAM_TYPE} = "open_session" of https://www.it-connect.fr/linux-recevoir-un-e-mail-lors-dune-connexion-ssh/ would help.

SSH open_session on LemnosLife VPS from benjamin!
SSH close_session on LemnosLife VPS from benjamin!

Being notified when the user logs out would also be interesting but in a second time. Maybe `${PAM_TYPE} = "open_session"` of https://www.it-connect.fr/linux-recevoir-un-e-mail-lors-dune-connexion-ssh/ would help. ``` SSH open_session on LemnosLife VPS from benjamin! SSH close_session on LemnosLife VPS from benjamin! ```

Benjamin_Loison commented

2024-11-08 18:47:37 +01:00

The purpose is to use matrix-commander.

The purpose is to use `matrix-commander`.

Benjamin_Loison commented

2024-11-08 18:58:25 +01:00

ls /etc/pam.scripts/

ls: cannot access '/etc/pam.scripts/': No such file or directory

sudo mkdir /etc/pam.scripts

/etc/pam.scripts/ssh_alert.sh:

#!/bin/bash

if [ $PAM_USER != 'benjamin' ] && [ $PAM_USER != 'root' ]; then
    message="SSH ${PAM_TYPE} on LemnosLife VPS from $PAM_USER!"
    matrix-commander -m "$message" &
fi

Unsure if necessary:

chmod 711 /etc/pam.scripts/ssh_alert.sh

/etc/pam.d/sshd:

...
session  required  pam_exec.so  /etc/pam.scripts/ssh_alert.sh

```bash ls /etc/pam.scripts/ ``` ``` ls: cannot access '/etc/pam.scripts/': No such file or directory ``` ```bash sudo mkdir /etc/pam.scripts ``` <details> <summary><code>/etc/pam.scripts/ssh_alert.sh</code>:</summary> ```bash #!/bin/bash if [ $PAM_USER != 'benjamin' ] && [ $PAM_USER != 'root' ]; then message="SSH ${PAM_TYPE} on LemnosLife VPS from $PAM_USER!" matrix-commander -m "$message" & fi ``` </details> Unsure if necessary: ```bash chmod 711 /etc/pam.scripts/ssh_alert.sh ``` <details> <summary><code>/etc/pam.d/sshd</code>:</summary> ``` ... session required pam_exec.so /etc/pam.scripts/ssh_alert.sh ``` </details>

Benjamin_Loison commented

2024-11-08 19:02:54 +01:00

Without &:

time ssh benjamin@lemnoslife.com hostname

Output:

vps713872

real	0m6.683s
user	0m0.109s
sys	0m0.011s

Due to Benjamin-Loison/matrix-commander/issues/16.

With &:

time ssh benjamin@lemnoslife.com hostname

Output:

vps713872

real	0m0.645s
user	0m0.116s
sys	0m0.011s

Without `&`: ```bash time ssh benjamin@lemnoslife.com hostname ``` <details> <summary>Output:</summary> ``` vps713872 real 0m6.683s user 0m0.109s sys 0m0.011s ``` </details> Due to [Benjamin-Loison/matrix-commander/issues/16](https://github.com/Benjamin-Loison/matrix-commander/issues/16). With `&`: ```bash time ssh benjamin@lemnoslife.com hostname ``` <details> <summary>Output:</summary> ``` vps713872 real 0m0.645s user 0m0.116s sys 0m0.011s ``` </details>

Benjamin_Loison commented

2024-11-08 19:10:28 +01:00

Would be nice to exclude multiple users without using and.

The Stack Overflow answer 13408590 helped to correct the and usage.

The Stack Overflow question 11396740 may help.

Would be nice to exclude multiple users without using `and`. [The Stack Overflow answer 13408590](https://stackoverflow.com/a/13408590) helped to correct the *and* usage. [The Stack Overflow question 11396740](https://stackoverflow.com/q/11396740) may help.

Benjamin_Loison commented

2024-11-08 19:12:55 +01:00

SSH open_session on LemnosLife VPS from anonymous!
SSH close_session on LemnosLife VPS from anonymous!

ssh anonymous@lemnoslife.com

Output:

This account can only be used for AUD
Connection to lemnoslife.com closed.

Among-us-decentralized/blob/9d6b8c94c273b528c55ff12f56398d7f80116b5c/sources/main.cpp#L113

``` SSH open_session on LemnosLife VPS from anonymous! SSH close_session on LemnosLife VPS from anonymous! ``` ```bash ssh anonymous@lemnoslife.com ``` <details> <summary>Output:</summary> ``` This account can only be used for AUD Connection to lemnoslife.com closed. ``` </details> [Among-us-decentralized/blob/9d6b8c94c273b528c55ff12f56398d7f80116b5c/sources/main.cpp#L113](https://github.com/Benjamin-Loison/Among-us-decentralized/blob/9d6b8c94c273b528c55ff12f56398d7f80116b5c/sources/main.cpp#L113)

Benjamin_Loison commented

2024-11-08 19:14:31 +01:00

sudo ps aux | grep [m]atrix

does not return anything.

```bash sudo ps aux | grep [m]atrix ``` does not return anything.

Benjamin_Loison closed this issue

2024-11-08 19:14:31 +01:00

Benjamin_Loison reopened this issue

2024-11-08 19:14:33 +01:00

Benjamin_Loison commented

2024-11-08 19:21:47 +01:00

grep 'CENSORED from ' /var/log/auth.log | cut -d ':' -f 5-

to verify no connection during this algorithm establishment.

```bash grep 'CENSORED from ' /var/log/auth.log | cut -d ':' -f 5- ``` to verify no connection during this algorithm establishment.

Benjamin_Loison referenced this issue

2025-03-07 17:43:07 +01:00

Run command once a port is listening #69

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Benjamin_Loison/linux#44