I would like to implement an arbitrary script to be executed when logging on via SSH. This is supposedly possible using the ForceCommand option to sshd. However, as soon as I implement any script, even as simple as echoing a string, clients can no longer connect to the server. Clients report only that the connection was dropped by the server. The server, in debug mode, shows: Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: Starting session: forced-command (config) '/tmp/s.sh' on pts/3 for kimmell from 198.253.183.24 port 55673 Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_audit_run_command entering command /tmp/s.sh Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_send entering: type 114 Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_receive_expect entering: type 115 Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_request_receive entering Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_receive entering Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: monitor_read: checking request 114 Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_answer_audit_command entering Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: fatal: mm_answer_audit_command: error allocating a session Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: do_cleanup Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: cleanup Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: closing session Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: pam_unix(sshd:session): session closed for user <user> Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: deleting credentials Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: PAM: sshpam_thread_cleanup entering Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: session_pty_cleanup: session 0 release /dev/pts/3 Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug1: do_cleanup Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: PAM: sshpam_thread_cleanup entering Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_send entering: type 122 Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: fatal: mm_request_send: write: Broken pipe It may be important to note that this is on RHEL7. Hopefully this is on-topic. I tried the general OpenSSH discussion list but there seems to be no activity on that list. Thanks, -LJK
Hi, On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote:> I would like to implement an arbitrary script to be executed when logging > on via SSH.I'd just do this in the PAM session handler. ForceCommand means "run this command *and then exit*", so this is not what you want. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
Gert, Thank you for the feedback. Can you give any further direction on where to get more information on what you are describing? On Wed, Feb 17, 2016 at 3:17 PM, Gert Doering <gert at greenie.muc.de> wrote:> Hi, > > On Wed, Feb 17, 2016 at 12:59:57PM -0600, Lesley Kimmel wrote: > > I would like to implement an arbitrary script to be executed when logging > > on via SSH. > > I'd just do this in the PAM session handler. > > ForceCommand means "run this command *and then exit*", so this is not > what you want. > > gert > > > -- > USENET is *not* the non-clickable part of WWW! > // > www.muc.de/~gert/ > Gert Doering - Munich, Germany > gert at greenie.muc.de > fax: +49-89-35655025 > gert at net.informatik.tu-muenchen.de >