Ubuntu: Run (system) script on SSH login and/or logout


I'd like my OpenSSH server to start a script whenever a user logs in using SSH, ideally passing the host name or IP, as well as the user name. Additionally I'd like it to run a script, whenever a session is terminated (passing the username). These scripts should not run in the user's session, but system wide.

The idea is to give an audio warning on login and logout, e.g. using espeak, and to display the information on an external display.

I've seen that there is a pam-scripts package but I'm not sure if this does what I want, nor how to use it.


You can force a command onto your SSH-users instead of the one they request (or their shell if they don't give a specific command). This can be done by specifying that command with something like ForceCommand /root/ssh-wrapper in /etc/ssh/sshd_config (it doesn't matter where the script is located or how it's named, just make sure it is executable by all users and the sshd configuration file points to it). You also need to restart/reload sshd. The original command is accessible to the forced command as $SSH_ORIGINAL_COMMAND.

I just hacked this script together:

#! /bin/sh    # add logger options when needed  log="logger -t ssh-wrapper"    # find IP address  ip=`echo $SSH_CONNECTION | cut -d " " -f 1`    $log $USER login from $ip  espeak "$USER just logged in from $ip" > /dev/null 2>&1    $log command: ${SSH_ORIGINAL_COMMAND:-shell}  ${SSH_ORIGINAL_COMMAND:-shell}    $log $USER logout  espeak "$USER just logged out" > /dev/null 2>&1  

Now every time I login or logout a voice tells me about it, and a log entry gets written to syslog. It also logs the command. You can use something like the following to "follow" your sshd usage:

tailf /var/log/syslog | grep ssh-wrapper  

Please note that this script is mostly untested, so use at your own risk! ;-)

PS: remember that this script is run as the user that logged in, so you can't do everything you want if you change it to add more features...


I've seen this matching events in log file before (which would allow you flexibility on matching anything). This page is poorly formatted but it might help you get started: https://help.ubuntu.com/community/AudibleLogs#Play with esound


(Answer cross-posted from the same question on ServerFault)

Just write a script to do whatever you want and then stick it in /etc/profile or possibly/etc/bash.bashrc depending on your needs. Changes to those files will apply to all users. I'm not sure how you'd go about notifying on logout with this approach, though.

Alternatively, another way to do this would be to have a simple daemon monitoring /var/log/auth for new (and closing) ssh sessions. That way it would be able to send notifications on both login and logout.


You can use the sshrc (man sshd , search for sshrc)

ssh will execute the /etc/ssh/sshrc if it exists and you can run one script (or call multiple scripts) from there

you can call any bash variable, like $USER or get the IP via

read -d " " ip <<< $SSH_CONNECTION  

you can write a script to test or log what ever you want.

Logout script... well, that is what i'm searching for! :D

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »