Monday, May 20, 2024
rated 0 times [  2] [ 0]  / answers: 1 / hits: 22351  / 2 Years ago, tue, november 1, 2022, 1:18:22

I'm using Ubuntu 14.04 and I want to block SSH logins country-wise using GeoIP (from https://www.axllent.org/docs/view/ssh-geoip/).



Please find output of command:



$ spawn
spawn: command not found


So I've installed the expect package, but it's still not working:



apt-get install expect
expect is already the newest version


I want to execute following script:



cat /etc/hosts.allow
sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a


Do you have any idea regarding the same?



 Answers

In this case, it seems that spawn refers to the spawn extension to the hosts.allow syntax, as described in the RUNNING OTHER COMMANDS section of the hosts_options(5) man page (man hosts_options):



RUNNING OTHER COMMANDS
    aclexec shell_command
        Execute, in a child process, the specified shell command, after
        performing the %<letter> expansions described in the
        hosts_access(5) manual page. The command is executed with
        stdin, stdout and stderr connected to the null device, so that
        it won't mess up the conversation with the client host. Example:

            smtp : ALL : aclexec checkdnsbl %a

        executes, in a background child process, the shell command
        "checkdnsbl %a" after replacing %a by the address of the remote
        host.

        The connection will be allowed or refused depending on whether
        the command returns a true or false exit status.

    spawn shell_command
        Execute, in a child process, the specified shell command, after
        performing the %<letter> expansions described in the
        hosts_access(5) manual page. The command is executed with
        stdin, stdout and stderr connected to the null device, so that
        it won't mess up the conversation with the client host. Example:

            spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &

        executes, in a background child process, the shell command
        "safe_finger -l @%h | mail root" after replacing %h by the name
        or address of the remote host.


The fact that spawn returns an error when you attempt to run it outside of that context (i.e. as a command in the shell) need not concern you - if you are having issues with proper operation of the GeoIP filtering script that's a separate issue.






To demonstrate the successful operation of the hosts.allow spawn extension on Ubuntu 14.04 without getting tangled up in GeoIP, you can create a minimal executable /usr/local/bin/sshfilter.sh script that simply logs the IP address and then returns 0, e.g.



#!/bin/sh

logger "$0: connection from $1"

exit 0


Then with the following lines added to the hosts files:



In hosts.deny:



sshd: ALL


In hosts.allow:



sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a


Then run



tail -f /var/log/syslog


in one terminal window and, in another, attempt to log in via SSH:



ssh localhost


You should see a message in the syslog tail like



Jul 25 08:03:59 T61p logger: /usr/local/bin/sshfilter.sh: connection from 127.0.0.1


You can confirm that it also works with aclexec in place of spawn, as suggested in the article you linked. In fact in this case you should use aclexec since spawn does not use the exit code of the spawned process to determine whether to allow the connection - which aclexec does.


[#14327] Tuesday, November 1, 2022, 2 Years  [reply] [flag answer]
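The answer's closing point, that aclexec acts on the script's exit status while spawn ignores it, as an added example that is not part of the original answer or the linked article: a filter script whose exit status carries the allow/deny decision. It assumes geoiplookup (from the geoip-bin package) prints lines such as "GeoIP Country Edition: NZ, New Zealand"; the function names, the GEOIP_CMD variable and the NZ/AU allow-list are hypothetical.

```shell
#!/bin/sh
# Added example (not from the linked article). Intended hosts.allow line:
#   sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a
# aclexec allows the connection on exit status 0 and refuses it otherwise.

ALLOW_COUNTRIES="${ALLOW_COUNTRIES:-NZ AU}"  # constructed sample allow-list
GEOIP_CMD="${GEOIP_CMD:-geoiplookup}"        # assumption: geoip-bin is installed

# Log to syslog; ignore logger failures so logging never changes the decision.
log() { logger -t sshfilter "$1" 2>/dev/null || true; }

# Print the two-letter code from "GeoIP Country Edition: NZ, New Zealand".
# Prints nothing for "IP Address not found" or any unexpected output.
parse_country() {
    printf '%s\n' "$1" |
        sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\),.*/\1/p' | head -n 1
}

# decide CODE: return 0 if CODE is in ALLOW_COUNTRIES, 1 otherwise.
# An empty code (failed lookup, private address) is denied: fail closed.
decide() {
    [ -n "$1" ] || return 1
    for c in $ALLOW_COUNTRIES; do
        [ "$c" = "$1" ] && return 0
    done
    return 1
}

# filter ADDR: the return value is the exit status that aclexec consumes.
filter() {
    addr=$1
    case $addr in  # %a should be a bare IPv4/IPv6 address; refuse anything else
        ''|*[!0-9A-Fa-f.:]*) log "DENY malformed address"; return 1 ;;
    esac
    code=$(parse_country "$("$GEOIP_CMD" "$addr" 2>/dev/null)")
    if decide "$code"; then
        log "ALLOW sshd connection from $addr ($code)"
        return 0
    fi
    log "DENY sshd connection from $addr (${code:-unknown})"
    return 1
}

# Act as a script only when called with an argument (as aclexec does).
if [ "$#" -gt 0 ]; then
    filter "$1"
    exit $?
fi
```

Because unknown addresses are denied, loopback and private ranges are refused unless an earlier hosts.allow rule admits them, so keep an existing session open while testing.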
fishutt
