在 ubuntu 14.04 上找不到 spawn 命令

tag-icon tag-icon 14.04 bash scripts ssh
在 ubuntu 14.04 上找不到 spawn 命令

我正在使用 Ubuntu 14.04,我想使用 GeoIP 来按国家/地区阻止 SSH 登录(来自https://www.axllent.org/docs/view/ssh-geoip/),

请查找命令的输出:

$ spawn
spawn: command not found

这样我就安装了预计包但仍然不起作用:

apt-get install expect
expect is already the newest version

我想要执行以下脚本:

cat /etc/hosts.allow
sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a

您对此有什么想法吗?

答案1

spawnexpect特定命令,即您需要spawn使用来解释expect

大多数时候,您会使用expect脚本并spawn在其中使用它来启动新进程。

例如:

#!/usr/bin/expect -f
spawn ssh host
expect ....

直接从终端:

% expect -c 'spawn whoami'
spawn whoami

默认情况下,spawn回显命令,从而在终端中输出。

答案2

在这种情况下,似乎spawn指的是语法spawn的扩展hosts.allow,如RUNNING OTHER COMMANDShosts_options(5) 手册页(man hosts_options)的部分中所述:

RUNNING OTHER COMMANDS
    aclexec shell_command
           Execute,  in a child process, the specified shell command, after
           performing   the   %<letter>   expansions   described   in   the
           hosts_access(5)  manual  page.   The  command  is  executed with
           stdin, stdout and stderr connected to the null device,  so  that
           it won't mess up the conversation with the client host. Example:

              smtp : ALL : aclexec checkdnsbl %a

           executes,  in  a  background  child  process,  the shell command
           "checkdnsbl %a" after replacing %a by the address of the  remote
           host.

           The  connection  will be allowed or refused depending on whether
           the command returns a true or false exit status.

    spawn shell_command
           Execute, in a child process, the specified shell command,  after
           performing   the   %<letter>   expansions   described   in   the
           hosts_access(5) manual  page.   The  command  is  executed  with
           stdin,  stdout  and stderr connected to the null device, so that
           it won't mess up the conversation with the client host. Example:

              spawn (/usr/sbin/safe_finger -l @%h | /usr/bin/mail root) &

           executes, in a  background  child  process,  the  shell  command
           "safe_finger  -l @%h | mail root" after replacing %h by the name
           or address of the remote host.

当您尝试在该上下文之外运行它(即作为 shell 中的命令)时会返回错误,这一事实spawn您不必担心 - 如果您在 GeoIP 过滤脚本的正确操作方面遇到问题,那就是另一个问题。

为了演示 hosts.allowspawn扩展在 Ubuntu 14.04 上成功运行,而不纠结于 GeoIP,您可以创建一个最小的可执行脚本 /usr/local/bin/sshfilter.sh,该脚本仅记录 IP 地址,然后返回 0,例如

#!/bin/sh

logger "$0: connection from $1"

exit 0

然后将以下行添加到 hosts 文件:

在 hosts.deny 中:

sshd: ALL

在 hosts.allow 中:

sshd: ALL: spawn /usr/local/bin/sshfilter.sh %a

然后运行

tail -f /var/log/syslog

在一个终端窗口中,并在另一个终端窗口中尝试通过 SSH 登录:

ssh localhost

您应该在系统日志尾部看到一条消息,例如

Jul 25 08:03:59 T61p logger: /usr/local/bin/sshfilter.sh: connection from 127.0.0.1

您可以确认它也可以代替aclexecspawn正如您链接的文章中所建议的那样。事实上,在这种情况下,你应该使用,因为aclexecspawn使用生成的进程的退出代码来确定是否允许连接 -aclexec

相关内容