Gentoo Forums
Any way to make opensshd respect login.defs?
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920

Posted: Thu Apr 05, 2018 4:54 am    Post subject: Any way to make opensshd respect login.defs?

I have a server that I'm frequently forgetting to update the default boot kernel on (using UEFI BootOnce to test new ones so it always falls back to the last "safe" kernel I manually installed, but it can be months old when that happens).
So I thought I'd be clever and set “MOTD_FILE /proc/version:/etc/motd” in login.defs, so that I can see at a glance if it's running what I expect. It seems sshd has hardcoded emulation for various bits of login.defs functionality making for some confusing debugging, but I eventually figured out it doesn't do this thing I want. I can run login(1) manually and see that it works there, but there's probably a good reason ssh doesn't run that itself. Is there any way to get the full login behaviour over ssh, or should I just give up and use bashrc for stuff like this?
krinn
Watchman
Joined: 02 May 2003
Posts: 7470

Posted: Thu Apr 05, 2018 1:38 pm

Code:
>echo "$(cat /proc/version)" > /etc/motd
>ssh beleg
Linux version 4.14.11 (root@beleg) (gcc version 5.4.0 (Gentoo 5.4.0-r3 p1.3, pie-0.6.5)) #2 SMP PREEMPT Wed Jan 10 15:11:16 CET 2018

Yes, that simple :)
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21558

Posted: Fri Apr 06, 2018 2:15 am

Useless Use of Cat and Useless Use of Echo. :) That could be done with cp, but none of this answers his question.
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920

Posted: Fri Apr 06, 2018 9:31 am

Actually krinn's right, the dumb solutions are usually the best. I'd like to keep the rest of /etc/motd intact though, which makes things a little more complicated. Nothing I can't fix with some dumb sed though...
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Apr 06, 2018 10:42 am

Hu wrote:
Useless Use of Cat and Useless Use of Echo. :) That could be done with cp, but none of this answers his question.

Hu, et al ... wouldn't that be a useless use of cp ;) hehehe

Code:
# echo $SHELL
/bin/zsh
# </proc/version >/etc/motd

@Ant P. ... MOTD_FILE (man login) can include multiple files (colon delimited), so you can simply have it point to /proc/version ... no useless use of anything ;)

best ... khay
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20067

Posted: Fri Apr 06, 2018 4:24 pm

khayyam wrote:
Hu wrote:
Useless Use of Cat and Useless Use of Echo. :) That could be done with cp, but none of this answers his question.

Hu, et al ... wouldn't that be a useless use of cp ;) hehehe

Code:
# echo $SHELL
/bin/zsh
# </proc/version >/etc/motd

@Ant P. ... MOTD_FILE (man login) can include multiple files (colon delimited), so you can simply have it point to /proc/version ... no useless use of anything ;)

best ... khay

Aaaaand.... since you didn't read Ant P.'s post, I guess your post would be UUOR (useless use of response) :P

Ant P. mentions your "solution," which doesn't work, and the main reason behind the thread.
Ant P. wrote:
So I thought I'd be clever and set “MOTD_FILE /proc/version:/etc/motd” in login.defs

_________________
Quis separabit? Quo animo?
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Apr 06, 2018 9:27 pm

khayyam wrote:
@Ant P. ... MOTD_FILE (man login) can include multiple files (colon delimited), so you can simply have it point to /proc/version ... no useless use of anything ;)

pjp wrote:
Aaaaand.... since you didn't read Ant P.'s post, I guess your post would be UUOR (useless use of response) :P Ant P. mentions your "solution," which doesn't work, and the main reason behind the thread.

pjp ... actually no, I did read it, I simply forgot to include one part of the equation, he would need to enable 'PrintMotd yes' in /etc/sshd/sshd_config (which was not mentioned and is set to 'no' by default). I call your UUOR and raise you a UUOAC (useless use of a correction) ;)

best ... khay
Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920

Posted: Fri Apr 06, 2018 10:11 pm

That's on by default for me...
man 5 sshd_config wrote:
PrintMotd
Specifies whether sshd(8) should print /etc/motd when a user logs
in interactively. (On some systems it is also printed by the
shell, /etc/profile, or equivalent.) The default is yes.


I ended up putting an old-fashioned $Id:$ marker in /etc/motd, with a @reboot line in crontab which runs this ugly mess to fill it in:
Code:
perl -pi -e 's{^(.*\$Id:).*?(\$.*)$}{sprintf(q[%s %s %s],$1,chomp($_=`uname -r`)&&$_,$2)}e' /etc/motd

That... more or less does what I originally wanted. (It's a lot more readable than the failed attempts I made with sed/ed, seriously!)
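An added example, not part of Ant P.'s post: the same `$Id:$` marker update written as a POSIX shell function that leaves every other line of the file intact and swaps the result in with a rename. The function name `stamp_motd`, the crontab path in the comment and the 0644 mode are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's code. stamp_motd and the crontab path
# below are hypothetical names.
#   @reboot /usr/local/sbin/stamp-motd     (crontab entry, path assumed)

# stamp_motd FILE [RELEASE]
# Rewrites the text between "$Id:" and the next "$" on any line that has
# the marker; all other lines pass through unchanged. RELEASE defaults to
# the running kernel (uname -r).
stamp_motd() {
    motd=$1
    release=${2:-$(uname -r)}
    [ -f "$motd" ] || { echo "stamp_motd: $motd: no such file" >&2; return 1; }

    # Temp file beside the target so the final mv is a rename, never a
    # half-written MOTD that a login could read.
    tmp=$(mktemp "$motd.XXXXXX") || return 1

    # The release reaches awk through the environment, so it is treated as
    # plain data rather than as part of a regex or replacement expression.
    if REL=$release awk '
        {
            start = index($0, "$Id:")
            if (start) {
                rest = substr($0, start + 4)        # text after "$Id:"
                end = index(rest, "$")              # closing "$" of the marker
                if (end)
                    $0 = substr($0, 1, start + 3) " " ENVIRON["REL"] " " substr(rest, end)
            }
            print
        }' "$motd" > "$tmp"
    then
        # mktemp creates the file 0600; a MOTD has to be world-readable
        chmod 644 "$tmp" && mv "$tmp" "$motd"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Running it again simply replaces the previous value, so the marker never accumulates old releases.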
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Apr 06, 2018 11:01 pm

Ant P. wrote:
That's on by default for me...
man 5 sshd_config wrote:
PrintMotd
Specifies whether sshd(8) should print /etc/motd when a user logs
in interactively. (On some systems it is also printed by the
shell, /etc/profile, or equivalent.) The default is yes.

Ant P. ... hmmm, for me it's set to 'no', though the file is older than the install so it's possible I set it for some reason I can no longer remember. Anyhow, I think the issue is that MOTD_FILE is set via pam.d, and not login.defs, when pam is in use ('UsePAM yes'). However, the colon syntax doesn't seem to apply here, but the following seems to get something near the desired result.

Code:
% grep motd /etc/pam.d/system-login
session  optional  pam_motd.so motd=/etc/motd motd=/etc/motd2
% grep . /etc/motd*
/etc/motd:hello
/etc/motd2:this is a test
% ssh localhost
this is a test
hello

best ... khay
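An added example, not code from any poster in the thread: a small audit that lists every place discussed above that can put a MOTD on screen for an SSH login (sshd's `PrintMotd`, `pam_motd.so` when `UsePAM` is on, and the `MOTD_FILE` entry that only login(1) reads). The function names are hypothetical, and the three file paths are passed in so it can be run against copies of the configuration.

```shell
#!/bin/sh
# Added example (not from the thread): list every place that can put a MOTD
# on screen for an SSH login. File paths are passed in so it runs on copies.

# First value of an sshd_config keyword; keywords are case-insensitive and
# the first occurrence wins. Prints DEFAULT when the keyword is absent.
sshd_opt() {            # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" '
        tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
        END { if (!found) print d }' "$1"
}

# motd= arguments on active pam_motd.so session lines. How repeated or
# colon-separated values are treated depends on the Linux-PAM version.
pam_motd_args() {       # usage: pam_motd_args FILE
    awk '$1 ~ /^-?session$/ && /pam_motd\.so/ {
            n = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^motd=/) { print substr($i, 6); n++ }
            if (!n) print "(module default)"
        }' "$1"
}

motd_report() {         # usage: motd_report SSHD_CONFIG PAM_FILE LOGIN_DEFS
    # Defaults per sshd_config(5): PrintMotd yes, UsePAM no
    if [ "$(sshd_opt "$1" PrintMotd yes)" = yes ]; then
        echo "sshd: PrintMotd yes -> /etc/motd"
    fi
    if [ "$(sshd_opt "$1" UsePAM no)" = yes ]; then
        pam_motd_args "$2" | sed 's/^/pam_motd: /'
    else
        echo "pam_motd: skipped (UsePAM no)"
    fi
    # MOTD_FILE is honoured by login(1); the thread found sshd ignores it
    awk '$1 == "MOTD_FILE" { print "login(1) only: MOTD_FILE " $2 }' "$3"
}
```

If the same path shows up on both an `sshd:` and a `pam_motd:` line, that file can be displayed twice at login; setting `PrintMotd no` leaves the job to PAM.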