Showing the REMOTE IP address on the login banner

I have a login banner that is displayed prior to password authentication via SSH.

This is what it currently looks like:

Code:
===================================================
This is a private system.

Only authorized users may access this system with their individually assigned user
accounts. Sharing of any account information with anyone is strictly prohibited and
may result in account suspension and/or termination in accordance with the
Acceptable Use Policy (AUP).

All access to this system and all traffic to and from it may be monitored and logged
by the system owner(s), operator(s), and administrator(s).
=====================================================

What I would like to do is add a line (the bottom is fine, but the option to put it anywhere would be great) that says something like the following:

Code:
Your IP address is XXX.XXX.XXX.XXX

I found a post about adding the IP address of the server (Thread 61798), but I'm looking to display the remote client IP address and that would obviously change every time a login attempt occurred.

I've investigated gettytab and pam_exec, but so far, I haven't been able to get a solution working. Is this possible and if so, how can I accomplish this?
 
Why? What advantage does that give? I don't see any.

What is the disadvantage? The "unknown unknowns": it might have unintended side effects. For example, if the attacker is behind a NAT, they can use the IP address that's seen by the server to figure out how NAT is configured. It also adds complexity, which makes failures more likely.

My other nasty question is this: Why are you showing that legalistic looking banner? I think in most places, unauthorized access to a computer is already illegal. Casual (authorized) users don't need to be told that, and real hackers already know that. Is there a legal advantage to displaying such a banner?
 
Why? What advantage does that give? I don't see any.

Well then...since you don't see a benefit, then let me just withdraw my question. I can appreciate curiosity as to why someone would want to do something a certain way, but knee-jerk reactionary divisiveness? Whatever.

What is the disadvantage? The "unknown unknowns":

So, we don't know what we don't know. Got it. Any more profound and insightful tips you care to share?

For example, if the attacker is behind a NAT, they can use the IP address that's seen by the server to figure out how NAT is configured.

Why would I care what an attacker can ascertain about his network? If the attacker is going after my server he already knows my IP. If I show him his, what exactly is he going to deduce from that? Apparently, this attacker is too incompetent to point his browser to https://ipchicken.com/

Oh....wait... you mean internally. Let's forget for a second you weren't clear and you meant the attacker was behind my NAT. What makes you think this attacker is so incompetent to not know how to use ifconfig and traceroute? I'm genuinely curious...have you actually met any hackers?

It also adds complexity, which makes failures more likely.

Ahh yes.... complexity = failure argument. Your IP address is such-and-such. You're right. I should drop this. I do have some Y2K preparations I've been putting off due to their complexity.

My other nasty question is this: Why are you showing that legalistic looking banner?

You are right...very nasty.

I mean this in the kindest, and in the most professional demeanor possible: It's none of your damn business. FreeBSD gives me the option to put this information on a login screen and for whatever reason I could possibly have, I am opting to use it. I want to know if what I'd like to do is possible and came looking for an answer - not your opinion on what I'm doing. I'm fairly confident I don't have any signed contract for your business practice consultation services, but I've been known to make mistakes. Perhaps you'd like to forward a copy of the executed agreement to refresh my memory?

But what really, really pisses me off about your reply is that I recently participated in a Reddit post about why FreeBSD is better than Linux and my answer was "the community". It's the professionalism, the kindness, the helpfulness and most of all the spirit in which people want to help each other that makes FreeBSD much better than Linux. So, I give you my most heartfelt thanks because in less than 48 hours you proved me a liar and left me with egg on my face. Congratulations. Your method of promotion of the FreeBSD brand speaks volumes.
 
I stumbled upon the article "Display IP address in banner text" in a web search. It explains how to display local IP addresses on a Linux system in ssh's banner text with the help of a shell script. You could write a similar shell script. I was thinking of using the logging function of sshd(8) (SyslogFacility and LogLevel keyword-arguments) to extract the remote client's IP address and update the banner text.

I can't help with the script (lack of shell scripting knowledge), but you could use the shell scripts from the link as a draft and adapt them to your needs. Note the example link in the article, pointing to "Show IP address of VM as console pre-login message"
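
The log-based idea from the post above, as an added example (not code from this thread or the linked article): it takes the client address from sshd's "Connection from" line, which sshd logs at LogLevel VERBOSE, and fills it into a banner template. The function names, the @CLIENT_IP@ placeholder and the sample log lines are assumptions made for illustration. The Banner file is a single path shared by every connection, so with concurrent logins the address shown can belong to a different client.

```sh
#!/bin/sh
# Added example; every name below is hypothetical.

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG='Mar  3 10:15:01 host sshd[4101]: Connection from 198.51.100.23 port 50122 on 192.0.2.10 port 22
Mar  3 10:15:04 host sshd[4101]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
Mar  3 10:16:40 host sshd[4188]: Connection from 2001:db8::7 port 41022 on 192.0.2.10 port 22
Mar  3 10:16:41 host sshd[4190]: Connection from 999.1.1.1;reboot port 1 on 192.0.2.10 port 22'

# Read log text on stdin and print the address from the last well-formed
# "Connection from" line. Only strings made of IPv4/IPv6 literal characters
# are accepted, so log-injected text never reaches the banner.
last_client_ip() {
    awk '
        / sshd\[[0-9]+\]: Connection from / {
            cand = ""
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "from" && $(i + 2) == "port") { cand = $(i + 1); break }
            if (cand ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = cand
            else if (cand ~ /^[0-9A-Fa-f:]+:[0-9A-Fa-f:]*$/) ip = cand
        }
        END { if (ip != "") print ip; else exit 1 }
    '
}

# $1 = log text, $2 = banner template containing @CLIENT_IP@.
# Prints the rendered banner, or returns 1 if no usable address was logged.
build_banner() {
    ip=$(printf '%s\n' "$1" | last_client_ip) || return 1
    # $ip passed the character whitelist above, so it is safe in the sed replacement.
    printf '%s\n' "$2" | sed "s/@CLIENT_IP@/$ip/"
}

# Demonstration on the constructed log; a real deployment would write the
# result to the file named by the Banner keyword in sshd_config.
build_banner "$SAMPLE_LOG" 'Your IP address is @CLIENT_IP@'
```

The last sample line shows the rejected case: its address field contains characters outside the whitelist, so the previous valid address is kept.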
 