spawn command not found on ubuntu 14.04
Solution 1
In this case, it seem that spawn
refers to the spawn
extension to the hosts.allow
syntax, as described in the RUNNING OTHER COMMANDS
section of the hosts_options (5) man page (man hosts_options
):
RUNNING OTHER COMMANDS
aclexec shell_command
Execute, in a child process, the specified shell command, after
performing the %<letter> expansions described in the
hosts_access(5) manual page. The command is executed with
stdin, stdout and stderr connected to the null device, so that
it won't mess up the conversation with the client host. Example:
smtp : ALL : aclexec checkdnsbl %a
executes, in a background child process, the shell command
"checkdnsbl %a" after replacing %a by the address of the remote
host.
The connection will be allowed or refused depending on whether
the command returns a true or false exit status.
spawn shell_command
Execute, in a child process, the specified shell command, after
performing the %<letter> expansions described in the
hosts_access(5) manual page. The command is executed with
stdin, stdout and stderr connected to the null device, so that
it won't mess up the conversation with the client host. Example:
spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &
executes, in a background child process, the shell command
"safe_finger -l @%h | mail root" after replacing %h by the name
or address of the remote host.
The fact that spawn
returns an error when you attempt to run it outside of that context (i.e. as a command in the shell) need not concern you - if you are having issues with proper operation of the GeoIP filtering script that's a separate issue.
To demonstrate the successful operation of the hosts.allow spawn
extension on Ubuntu 14.04 without getting tangled up in GeoIP, you can create a minimal executable /usr/local/bin/sshfilter.sh script that simply logs the IP address and then returns 0, e.g.
#!/bin/sh
logger "$0: connection from $1"
exit 0
Then with the following lines added to the hosts files:
In hosts.deny:
sshd: ALL
In hosts.allow:
sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a
Then run
tail -f /var/log/syslog
in one terminal window and, in another, attempt to log in via SSH:
ssh localhost
You should see a message in the syslog tail like
Jul 25 08:03:59 T61p logger: /usr/local/bin/sshfilter.sh: connection from 127.0.0.1
You can confirm that it also works with aclexec
in place of spawn
, as suggested in the article you linked. In fact in this case you should use aclexec
since spawn
does not use the exit code of the spawned process to determine whether to allow the connection - which aclexec
does.
Solution 2
spawn
is expect
specific command i.e. you need to interpret spawn
using expect
.
Most of the time you would use a expect
script and use spawn
inside it to start a new process.
For example:
#!/usr/bin/expect -f
spawn ssh host
expect ....
From terminal directly:
% expect -c 'spawn whoami'
spawn whoami
By default spawn
echoes the command hence the output in the terminal.
Related videos on Youtube
Nullpointer
Updated on September 18, 2022Comments
-
Nullpointer over 1 year
I'm using Ubuntu 14.04 and I want to block SSH login country wise using GeoIP ( From https://www.axllent.org/docs/view/ssh-geoip/),
Please find output of command:
$ spawn spawn: command not found
So that I've install expect package but still not working:
apt-get install expect expect is already the newest version
I want to execute following script:
cat /etc/hosts.allow sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a
Have you any idea regarding same ?
-
Nullpointer almost 8 yearsaclexec is not work on ubuntu 14.04, So that i'm using spawn but both are not work ! , Is there any way to test both command?
-
steeldriver almost 8 years@RGG can you provide more details about how you determined that it's not working? what did you try - and what happened, exactly?
-
Nullpointer almost 8 yearssee this URL: axllent.org/docs/view/ssh-geoip , In this one of script name "sshfilter.sh" which is allow and deny SSH connection.
-
steeldriver almost 8 years@RGG thanks I already looked at the page you linked - what I'm asking is what part specifically isn't working and how you tested it. For example, did you attempt a connection from an allowed country? from a denied country? what messages if any appeared in the log?
-
Nullpointer almost 8 yearsOk, In script, I've added "allow connection" notification line on If condition then I'm trying to login from other DENY or ALLOW country, But still able to login from DENY country. If script execute well then It must be show allow/deny message on log file.
-
steeldriver almost 8 years@RGG I've confirmed that both
spawn
andaclexec
work on my Ubuntu 14.04 system - please see my edited answer for a simple test you can do -
Nullpointer almost 8 yearsAfter the reinstall openssh-server, Now I get "DENY and Allow connection" msg on log file but still able to login from DENY Country ? !!! Now I think, spawn issue resolved. Thanks for knowledge sharing.
-
steeldriver almost 8 yearsPlease try changing
spawn
back toaclexec
for the reason I outlined - I see no evidence that it "doesn't work in Ubuntu" - you shouldn't believe everything you read in random blog comments