
Sysadmin exit dmotd.sh depending on connecting IP

Discussion in 'System Administration' started by jcat, Jul 22, 2020.

  1. jcat

    jcat Member

    130
    18
    18
    Jun 21, 2015
    New Jersey
    Ratings:
    +49
    Local Time:
    7:21 PM
    We are trying to think of the best way to bypass
    Code:
    /usr/local/src/centminmod/config/motd/dmotd.sh
    when connecting to the server from a specific IP. When we deploy changes with Ansible the motd greatly delays the entire process so was thinking of adding something simple like

    Code:
    [[ $SSH_CONNECTION == *"123.123.123.123"* ]] && exit 0
    to the top of dmotd.sh

    Works good; any way to make this work without having to modify Centmin core files?
     
  2. jcat

    jcat Member

    Ha nevermind, guess I just need to read.

    Code:
    echo "PrintMotd no" >> /etc/ssh/sshd_config
    echo "# session optional pam_motd.so" >> /etc/pam.d/login
    echo "/usr/local/bin/dmotd" >> /etc/profile
    chmod +x /usr/local/bin/dmotd
    :D
     
  3. jcat

    jcat Member

    Nevermind again
    Code:
    # ls -lh /usr/local/bin/dmotd
    lrwxrwxrwx 1 root root 46 Jul 21 13:37 /usr/local/bin/dmotd -> /usr/local/src/centminmod/config/motd/dmotd.sh
    
    Looks like it's a symlink so cannot make direct changes to /usr/local/bin/dmotd
     
  4. eva2000

    eva2000 Administrator Staff Member

    Centmin Mod 123.09beta01 and higher's dmotd routine should now only trigger for interactive ssh sessions and not for non-interactive via login in /etc/profile.d/dmotd.sh.

    /etc/profile.d/dmotd.sh is populated from inc/motd.inc line 13-25 in 123.09beta01

    from /etc/profile.d/dmotd.sh
    Code (Text):
    #!/bin/bash
    #if [[ "$(id -u)" = '0' && -f /usr/local/bin/dmotd ]]; then  /usr/local/bin/dmotd; fi
    if tty -s; then type='interactive'; if [[ "$(id -u)" = '0' && -f /usr/local/bin/dmotd ]]; then /usr/local/bin/dmotd; fi; else type='non-interactive'; fi;
    if echo $0 | grep -e ^\- 2>&1 > /dev/null; then login='login'; else login='non-login'; fi;
    #echo "$type/$login"

    actual line above then triggers /usr/local/bin/dmotd
    Code (Text):
    if tty -s; then type='interactive'; if [[ "$(id -u)" = '0' && -f /usr/local/bin/dmotd ]]; then /usr/local/bin/dmotd; fi; else type='non-interactive'; fi;

    I guess you can change the logic for
    Code (Text):
    if [[ "$(id -u)" = '0' && -f /usr/local/bin/dmotd ]]

    to
    Code (Text):
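    # SSH_CONNECTION is "client_ip client_port server_ip server_port", so match the leading client field
    if [[ $SSH_CONNECTION != "123.123.123.123 "* && "$(id -u)" = '0' && -f /usr/local/bin/dmotd ]]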

    or change $SSH_CONNECTION check against a file that contains a bunch of IP addresses if you have more than one IP address to account for.
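
The file-based check suggested in the last post, as an added example that is not part of the original thread or of Centmin Mod's own code. The `DMOTD_SKIP_FILE` variable, its default path and the function names are assumptions; the client address is taken from the first field of `SSH_CONNECTION` and compared as an exact whole line.

```bash
# Added example, not Centmin Mod code. The allowlist path below is an
# assumption; point DMOTD_SKIP_FILE at any root-owned file you maintain.
DMOTD_SKIP_FILE="${DMOTD_SKIP_FILE:-/etc/dmotd-skip-ips.txt}"

# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".
# Print only the first field, the connecting address.
ssh_client_ip() {
  printf '%s' "${1%% *}"
}

# Return 0 if the client of connection string $1 is listed in file $2
# (one address per line; blank lines and '#' comment lines are ignored).
# grep -Fx is a literal whole-line match, so 10.0.0.1 does not match
# 10.0.0.10, and a listed address in the server field is not a match.
dmotd_skip_for_client() {
  _ip="$(ssh_client_ip "$1")"
  [ -n "$_ip" ] && [ -r "$2" ] || return 1
  grep -v '^[[:space:]]*#' "$2" | tr -d ' \t\r' | grep -Fxq -- "$_ip"
}

# Same root + file gate as the stock one-liner, plus the allowlist check.
dmotd_should_run() {
  [ "$(id -u)" = '0' ] && [ -f /usr/local/bin/dmotd ] || return 1
  ! dmotd_skip_for_client "${SSH_CONNECTION:-}" "$DMOTD_SKIP_FILE"
}

if tty -s && dmotd_should_run; then
  /usr/local/bin/dmotd
fi
```

This only decides whether the banner runs; it is not an access control, so keep the list file writable by root only and leave SSH restrictions to sshd and the firewall.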