spawn command not found on ubuntu 14.04

14.04 bash scripts ssh

20,232

Solution 1

In this case, it seem that spawn refers to the spawn extension to the hosts.allow syntax, as described in the RUNNING OTHER COMMANDS section of the hosts_options (5) man page (man hosts_options):

RUNNING OTHER COMMANDS
    aclexec shell_command
           Execute,  in a child process, the specified shell command, after
           performing   the   %<letter>   expansions   described   in   the
           hosts_access(5)  manual  page.   The  command  is  executed with
           stdin, stdout and stderr connected to the null device,  so  that
           it won't mess up the conversation with the client host. Example:

              smtp : ALL : aclexec checkdnsbl %a

           executes,  in  a  background  child  process,  the shell command
           "checkdnsbl %a" after replacing %a by the address of the  remote
           host.

           The  connection  will be allowed or refused depending on whether
           the command returns a true or false exit status.

    spawn shell_command
           Execute, in a child process, the specified shell command,  after
           performing   the   %<letter>   expansions   described   in   the
           hosts_access(5) manual  page.   The  command  is  executed  with
           stdin,  stdout  and stderr connected to the null device, so that
           it won't mess up the conversation with the client host. Example:

              spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &

           executes, in a  background  child  process,  the  shell  command
           "safe_finger  -l @%h | mail root" after replacing %h by the name
           or address of the remote host.

The fact that spawn returns an error when you attempt to run it outside of that context (i.e. as a command in the shell) need not concern you - if you are having issues with proper operation of the GeoIP filtering script that's a separate issue.

To demonstrate the successful operation of the hosts.allow spawn extension on Ubuntu 14.04 without getting tangled up in GeoIP, you can create a minimal executable /usr/local/bin/sshfilter.sh script that simply logs the IP address and then returns 0, e.g.

#!/bin/sh

logger "$0: connection from $1"

exit 0

Then with the following lines added to the hosts files:

In hosts.deny:

sshd: ALL

In hosts.allow:

sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a

Then run

tail -f /var/log/syslog

in one terminal window and, in another, attempt to log in via SSH:

ssh localhost

You should see a message in the syslog tail like

Jul 25 08:03:59 T61p logger: /usr/local/bin/sshfilter.sh: connection from 127.0.0.1

You can confirm that it also works with aclexec in place of spawn, as suggested in the article you linked. In fact in this case you should use aclexec since spawn does not use the exit code of the spawned process to determine whether to allow the connection - which aclexec does.

Solution 2

spawn is expect specific command i.e. you need to interpret spawn using expect.

Most of the time you would use a expect script and use spawn inside it to start a new process.

For example:

#!/usr/bin/expect -f
spawn ssh host
expect ....

From terminal directly:

% expect -c 'spawn whoami'
spawn whoami

By default spawn echoes the command hence the output in the terminal.

20,232

Nullpointer

Updated on September 18, 2022

Comments

Nullpointer over 1 year
I'm using Ubuntu 14.04 and I want to block SSH login country wise using GeoIP ( From https://www.axllent.org/docs/view/ssh-geoip/),

Please find output of command:
```
$ spawn
spawn: command not found
```
So that I've install expect package but still not working:
```
apt-get install expect
expect is already the newest version
```
I want to execute following script:
```
cat /etc/hosts.allow
sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a
```
Have you any idea regarding same ?
Nullpointer almost 8 years

aclexec is not work on ubuntu 14.04, So that i'm using spawn but both are not work ! , Is there any way to test both command?
steeldriver almost 8 years

@RGG can you provide more details about how you determined that it's not working? what did you try - and what happened, exactly?
Nullpointer almost 8 years

see this URL: axllent.org/docs/view/ssh-geoip , In this one of script name "sshfilter.sh" which is allow and deny SSH connection.
steeldriver almost 8 years

@RGG thanks I already looked at the page you linked - what I'm asking is what part specifically isn't working and how you tested it. For example, did you attempt a connection from an allowed country? from a denied country? what messages if any appeared in the log?
Nullpointer almost 8 years

Ok, In script, I've added "allow connection" notification line on If condition then I'm trying to login from other DENY or ALLOW country, But still able to login from DENY country. If script execute well then It must be show allow/deny message on log file.
steeldriver almost 8 years

@RGG I've confirmed that both spawn and aclexec work on my Ubuntu 14.04 system - please see my edited answer for a simple test you can do
Nullpointer almost 8 years

After the reinstall openssh-server, Now I get "DENY and Allow connection" msg on log file but still able to login from DENY Country ? !!! Now I think, spawn issue resolved. Thanks for knowledge sharing.
steeldriver almost 8 years

Please try changing spawn back to aclexec for the reason I outlined - I see no evidence that it "doesn't work in Ubuntu" - you shouldn't believe everything you read in random blog comments