LinuxQuestions.org
Old 11-22-2012, 02:03 PM   #1
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 432

Rep: Reputation: 33
sshd_config error Bad configuration option: PermitLocalCommand


Hi group,

I am having a problem with sshd_config. I am trying to implement PermitLocalCommand and LocalCommand. I have updated my config file with this:
Code:
PermitLocalCommand  yes
LocalCommand        /usr/local/bin/check_sftp_limit.php

Match Group vms

        ChrootDirectory /home/vms
        ForceCommand internal-sftp
But when I try to execute I get these error messages:
Code:
 /usr/sbin/sshd  -f /etc/ssh/vms_config 
/etc/ssh/vms_config: line 29: Bad configuration option: PermitLocalCommand
/etc/ssh/vms_config: line 30: Bad configuration option: LocalCommand
/etc/ssh/vms_config: terminating, 2 bad configuration options
These options are in the man page as valid. It fails on my Fedora 13, raspbian ( Debian ) and with the latest source ( OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012 ).

Do I need to compile the source with some special option??

Thanks for your time.

Last edited by MrUmunhum; 11-22-2012 at 02:12 PM.
 
Old 11-22-2012, 05:18 PM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,962

Rep: Reputation: 1341
Hi,

Both these options are intended to be used with ssh (the client), not sshd (the server). So if you want to use them, add them in /etc/ssh/ssh_config.

Regards
 
Old 11-23-2012, 12:04 PM   #3
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 432

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by bathory View Post
Hi,

Both these options are intended to be used with ssh (the client), not sshd (the server). So if you want to use them, add them in /etc/ssh/ssh_config.

Regards
Not the answer I was looking for but does answer the question.

Thanks.
 
Old 11-24-2012, 08:05 AM   #4
Turbocapitalist
Member
 
Registered: Apr 2005
Distribution: Ubuntu, Debian, OS X (bsd)
Posts: 156

Rep: Reputation: 30
Quote:
Originally Posted by MrUmunhum View Post
Not the answer I was looking for but does answer the question.

Thanks.
What were you looking for? Maybe there is another way to reach the results you intended.
 
Old 11-25-2012, 01:59 PM   #5
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 432

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by Turbocapitalist View Post
What were you looking for? Maybe there is another way to reach the results you intended.
What I need to do is limit the number of connections made by an SFTP user. I have tried many ways that don't completely work. I need a way to run a script when the user logs in. I have the script but I can't figure a way to call it other than tailing /var/log/messages for 'Accepted password for user'. Which will work but then there is the log rotate problem. I really don't want to modify SFTP.

This is the script I want to run:
Code:
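#!/usr/bin/php
<?php
// List sshd processes and keep only the internal-sftp sessions.
$Find    = "/bin/ps --no-header -C sshd -o pid,etime,uname,comm,ppid,args | "
         . "/bin/grep internal-sftp  | tr -s ' '";
$Count   = 0;
$Running = explode( "\n", trim( (string) shell_exec( $Find ) ) );

foreach( $Running as $Line )  {
  $Line = trim($Line);
  $cmd  = explode( " ", $Line );
  // Fields: 0=pid 1=etime 2=uname 3=comm 4=ppid 5+=args; skip empty or short lines.
  if( count( $cmd ) < 5 )  { continue; }
  if( $cmd[2] === 'user' )  {
    if( ++$Count > 2 )  {
      // Escape values taken from ps output before handing them to the shell.
      shell_exec( "/bin/logger " . escapeshellarg( "Limit exceeded $Line" ) );
      shell_exec( "/bin/kill -usr1 " . escapeshellarg( $cmd[4] ) );
      // Stop only once the limit is exceeded, so earlier sessions are still counted.
      exit;  }  }  }
?>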
It works great but how to call it?

Last edited by MrUmunhum; 11-25-2012 at 02:03 PM.
 
Old 11-25-2012, 02:16 PM   #6
Turbocapitalist
Member
 
Registered: Apr 2005
Distribution: Ubuntu, Debian, OS X (bsd)
Posts: 156

Rep: Reputation: 30
You can run a script on successful login either in /etc/ssh/sshrc or in ~/.ssh/rc. It can't be allowed to produce any output to stdout, though.

If you run sshd under xinetd instead of as a daemon, you can limit the number per ip address using per_source. It's not the same as limiting per user, but close. Maybe you could have the script check how many times the user is logged in already and drop the connection if the max is exceeded.
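
The check suggested in post #6, as an added example that is not part of the thread: a POSIX sh version of the session count that can be sourced from /etc/ssh/sshrc and prints nothing to stdout. The function names, the limit of 2, the sftp-limit syslog tag and the sample ps lines are constructed for illustration, and it assumes sshd actually runs the rc file for the session in question.

```shell
#!/bin/sh
# Added example: per-user internal-sftp session check for use from sshrc.
# It writes nothing to stdout; the only output is a syslog line.

MAX_SFTP_SESSIONS=2   # assumed limit, same threshold as the thread's script

# Constructed sample, in the thread's column order:
# pid, elapsed time, user, command, parent pid, args.
sample_ps() {
    cat <<'EOF'
  812 3-02:11:09 root  sshd     1 /usr/sbin/sshd -D
 2101      10:02 root  sshd   812 sshd: user [priv]
 2105      10:01 user  sshd  2101 sshd: user@internal-sftp
 2201      05:40 root  sshd   812 sshd: user [priv]
 2205      05:39 user  sshd  2201 sshd: user@internal-sftp
 2301      00:03 root  sshd   812 sshd: user [priv]
 2305      00:02 user  sshd  2301 sshd: user@internal-sftp
 2401      01:15 other sshd  2400 sshd: other@internal-sftp
EOF
}

# Live process list in the same format (procps ps).
list_sshd_procs() {
    ps --no-headers -C sshd -o pid,etime,uname,comm,ppid,args 2>/dev/null
}

# stdin: ps lines. Prints how many internal-sftp sessions user $1 owns.
count_sftp_sessions() {
    awk -v user="$1" '$3 == user && /internal-sftp/ { n++ } END { print n + 0 }'
}

# stdin: ps lines. Prints the PIDs of user $1's sessions beyond the first $2.
excess_sftp_pids() {
    awk -v user="$1" -v max="$2" \
        '$3 == user && /internal-sftp/ && ++n > max { print $1 }'
}

# Returns 0 while user $1 is within the limit, 1 (after logging) once over it.
check_sftp_limit() {
    n=$(list_sshd_procs | count_sftp_sessions "$1")
    [ "$n" -le "$MAX_SFTP_SESSIONS" ] && return 0
    logger -t sftp-limit "user=$1 sessions=$n limit=$MAX_SFTP_SESSIONS" \
        >/dev/null 2>&1 || true
    return 1
}
```

From /etc/ssh/sshrc the call would be `check_sftp_limit "$USER"`; what happens on a non-zero return is left to the administrator.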
 
  


All times are GMT -5. The time now is 10:17 AM.
