Using 'ForceCommand' Option

Lesley Kimmel lesley.j.kimmel at gmail.com
Thu Feb 18 05:59:57 AEDT 2016


I would like to implement an arbitrary script to be executed when logging
on via SSH. This is supposedly possible using the ForceCommand option to
sshd. However, as soon as I implement any script, even as simple as echoing
a string, clients can no longer connect to the server. Clients report only
that the connection was dropped by the server. The server, in debug mode,
shows:

Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: Starting session: forced-command
(config) '/tmp/s.sh' on pts/3 for kimmell from 198.253.183.24 port 55673
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_audit_run_command
entering command /tmp/s.sh
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_send
entering: type 114
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3:
mm_request_receive_expect entering: type 115
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_request_receive
entering Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3:
mm_request_receive entering
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: monitor_read: checking
request 114
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: mm_answer_audit_command
entering
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: fatal: mm_answer_audit_command:
error allocating a session Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]:
debug1: do_cleanup
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: cleanup Feb 17
16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: closing session
 Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: pam_unix(sshd:session): session
closed for user <user>
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: PAM: deleting
credentials
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug3: PAM:
sshpam_thread_cleanup entering
Feb 17 16:14:01 is-rhsat-lv02 sshd[12985]: debug1: session_pty_cleanup:
session 0 release /dev/pts/3 Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]:
debug1: do_cleanup
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: PAM:
sshpam_thread_cleanup entering
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: debug3: mm_request_send
entering: type 122
Feb 17 16:14:01 is-rhsat-lv02 sshd[13008]: fatal: mm_request_send: write:
Broken pipe

It may be important to note that this is on RHEL7.

Hopefully this is on-topic. I tried the general OpenSSH discussion list but
there seems to be no activity on that list.

Thanks,
-LJK


More information about the openssh-unix-dev mailing list