4

I want to echo some text from a pam_exec script after a successful SSH login (pubkey) but before the script itself exits (2FA purposes).

Whatever the script prints during its execution is displayed when the script terminates.

Example:

#!/bin/bash
echo "YAY!"
sleep 2
exit 0

YAY! is printed only after 2 seconds followed by motd and command prompt. Obviously I have already added "stdout" in the PAM entry:

account    required     pam_exec.so     stdout     /etc/test/test.sh

This guy (https://stackoverflow.com/a/43715952/12662891) had a similar problem but I can't find out how he solved his problem.

Pro Backup
  • 984
  • 4
  • 15
  • 35
Riccardo Salve
  • 41
  • 5
  • @flix mentions the fix was "...change a pam_info statement, in the source of pam_exec, to a pam_prompt...". Looking at the source code (https://github.com/linux-pam/linux-pam/blob/master/modules/pam_exec/pam_exec.c) for pam_exec, there's only one line where pam_info occurrs. Might not be too bad to figure out. – Server Fault Jan 09 '20 at 14:42
  • @ServerFault I already tried that but it's not easy as it seems, at least for me. The statements have different C signatures and I would like not to mess up something. – Riccardo Salve Jan 12 '20 at 15:21

1 Answers1

0

You can execute a command at the end of your SSH login simply by ssh user@host 'whoami'. In your script pass the variable in the command and it can be used by the remote session.

LTPCGO
  • 508
  • 1
  • 3
  • 15
  • Ok, maybe my question wasn't clear. If so my fault sorry. I want to execute a script using Pluggable Authentication Modules as a second factor authentication. – Riccardo Salve Jan 07 '20 at 18:37