LinuxQuestions.org


MrUmunhum 11-22-2012 02:03 PM

sshd_config error Bad configuration option: PermitLocalCommand
 
Hi group,

I am having a problem with sshd_config. I am trying to implement PermitLocalCommand and LocalCommand. I have updated my config file with this:
Code:

PermitLocalCommand  yes
LocalCommand        /usr/local/bin/check_sftp_limit.php

Match Group vms

        ChrootDirectory /home/vms
        ForceCommand internal-sftp

But when I try to execute I get these error messages:
Code:

/usr/sbin/sshd  -f /etc/ssh/vms_config
/etc/ssh/vms_config: line 29: Bad configuration option: PermitLocalCommand
/etc/ssh/vms_config: line 30: Bad configuration option: LocalCommand
/etc/ssh/vms_config: terminating, 2 bad configuration options

These options are in the man page as valid. It fails on my Fedora 13, Raspbian (Debian) and with the latest source (OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012).

Do I need to compile the source with some special option?

Thanks for your time.

bathory 11-22-2012 05:18 PM

Hi,

Both these options are intended to be used with ssh (the client), not sshd (the server). So if you want to use them, add them in /etc/ssh/ssh_config.

Regards

MrUmunhum 11-23-2012 12:04 PM

Quote:

Originally Posted by bathory (Post 4835093)
Hi,

Both these options are intended to be used with ssh (the client), not sshd (the server). So if you want to use them, add them in /etc/ssh/ssh_config.

Regards

Not the answer I was looking for but does answer the question.

Thanks.

Turbocapitalist 11-24-2012 08:05 AM

Quote:

Originally Posted by MrUmunhum (Post 4835582)
Not the answer I was looking for but does answer the question.

Thanks.

What were you looking for? Maybe there is another way to reach the results you intended.

MrUmunhum 11-25-2012 01:59 PM

Quote:

Originally Posted by Turbocapitalist (Post 4835990)
What were you looking for? Maybe there is another way to reach the results you intended.

What I need to do is limit the number of connections made by a SFTP user. I have tried many ways that don't completely work. I need a way to run a script when the user logs in. I have the script but I can't figure a way to call it other than tailing /var/log/messages for 'Accepted password for user'. Which will work but then there is the log rotate problem. I really don't want to modify SFTP.

This is the script I want to run:
Code:

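#!/usr/bin/php
<?php
// List sshd processes and keep only the internal-sftp sessions.
// Columns after squeezing spaces: pid, etime, uname, comm, ppid, args
$Find    = "/bin/ps --no-header -C sshd -o pid,etime,uname,comm,ppid,args | "
        . "/bin/grep internal-sftp  | tr -s ' '";
$Count  = 0;
$Running = explode( "\n", trim( shell_exec( $Find ) ) );

foreach( $Running as $Line )  {
  $Line = trim($Line);
  $cmd  = explode( " ", $Line );
  if( count($cmd) < 5 )  { continue; }  // skip empty or short lines
  // $cmd[2] is the uname column; 'user' is the account being limited
  if( $cmd[2] === 'user' )  {
    if( ++$Count > 2 )  {
      // More than 2 sessions: log it and signal the parent sshd ($cmd[4] = ppid).
      // Values taken from ps output are quoted before they reach the shell.
      shell_exec( "/bin/logger " . escapeshellarg( "Limit exceeded $Line" ) );
      shell_exec( "/bin/kill -usr1 " . escapeshellarg( $cmd[4] ) );
      exit;  }  }  }  // exit only after an excess session has been handled
?>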

It works great but how to call it?

Turbocapitalist 11-25-2012 02:16 PM

You can run a script on successful login either in /etc/ssh/sshrc or in ~/.ssh/rc. It can't be allowed to produce any output to stdout, though.

If you run sshd under xinetd instead of as a daemon, you can limit the number per ip address using per_source. It's not the same as limiting per user, but close. Maybe you could have the script check how many times the user is logged in already and drop the connection if the max is exceeded.
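
The per-user session check discussed in the last two posts, as an added shell example that is not code from the thread. The function names, the sample user names and the sample ps lines are constructed; it assumes the ps columns from the script posted above and that the args column of an SFTP session contains internal-sftp, as that script's grep does.

```shell
#!/bin/sh
# Added example, not from the thread. Columns follow the posted ps call:
#   pid etime uname comm ppid args

# over_limit USER LIMIT
# Reads ps lines on stdin and prints the ppid column of every internal-sftp
# session owned by USER beyond the first LIMIT. The uname column is compared
# exactly, so limiting "alice" never counts sessions of "alicia".
over_limit() {
    awk -v user="$1" -v limit="$2" '
        $3 == user && $4 == "sshd" && index($0, "internal-sftp") > 0 {
            if (++n > limit + 0) print $5
        }'
}

# Constructed sample of ps output (not captured from a real host).
sample_ps() {
cat <<'EOF'
 2101    01:12:40 alice    sshd      2099 sshd: alice@internal-sftp
 2210       45:03 alice    sshd      2208 sshd: alice@internal-sftp
 2302       10:11 alicia   sshd      2300 sshd: alicia@internal-sftp
 2415       02:30 alice    sshd      2413 sshd: alice@pts/0
 2520       00:07 alice    sshd      2518 sshd: alice@internal-sftp
EOF
}

# enforce_limit USER LIMIT (hypothetical wrapper, defined but not called here)
# Runs the check against live processes. It writes only to syslog, never to
# stdout, and signals the same ppid column as the posted PHP script.
enforce_limit() {
    ps --no-header -C sshd -o pid,etime,uname,comm,ppid,args |
        over_limit "$1" "$2" |
        while read -r ppid; do
            logger "SFTP limit exceeded for $1, signalling sshd pid $ppid"
            kill -USR1 "$ppid"
        done
}

# Demonstration on the constructed sample: alice has three SFTP sessions and
# one shell session, so with a limit of 2 only the third SFTP session is
# reported.
sample_ps | over_limit alice 2
```
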


All times are GMT -5.