
At the end of my hosts.allow I have the following:

ALL : ALL \
 : spawn (echo "%d" | /usr/bin/mail -s "tcpf\: %d attempt from %h." root) & \
 : severity auth.info \
 : twist /bin/echo "You are not welcome to use %d from %h."

But this appears to simply put that text into my auth.log:

mail sshd[63546]: twist 12.34.56.789 to /bin/echo "You are not welcome to use sshd from 12.34.56.789."

On the client side, I only see "Connection closed by remote host" and I do not see the output of the echo. There is nothing in man -k twist.

lbutlr

1 Answer


The manual page for hosts_options(5) explains the twist command in tcp_wrappers:

twist shell_command

Replace the current process by an instance of the specified shell command, after performing the % expansions described in the hosts_access(5) manual page. Stdin, stdout and stderr are connected to the client process. This option must appear at the end of a rule.

The problem is that SSH is not just a text protocol, but expects some protocol messages, and if it does not receive them, it will fail. If you ran ssh in debug mode (ssh -v), you would see the following:

debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: ssh_exchange_identification: You are not welcome to use sshd from ::1.

ssh_exchange_identification: read: Connection reset by peer

So the message is really sent, but since it was not a correct SSH banner, it fails. There is no simple way to inject your messages into the SSH protocol. You would probably need to accept this behavior.

Jakuje
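As an added illustration of the answer's point (not part of the original post or of tcp_wrappers/OpenSSH), the script below mimics the SSH client's identification exchange against a constructed local stand-in for the twisted server, which like /bin/echo writes one line and closes. It assumes the client address ::1 from the debug output above and the RFC 4253 rule that the client skips lines until one begins with "SSH-".

```python
import socket
import threading

# Constructed stand-ins for what the client receives: the twist message (sshd has
# been replaced by /bin/echo, so one line and then EOF) versus a real sshd banner.
TWIST_OUTPUT = b'You are not welcome to use sshd from ::1.\n'
REAL_BANNER = b'SSH-2.0-OpenSSH_7.5\r\n'


def serve_once(payload):
    """Listen on an ephemeral localhost port, send payload to the first client, close."""
    srv = socket.socket()
    srv.bind(('127.0.0.1', 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        conn.sendall(payload)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def exchange_identification(port):
    """Mimic the client's version exchange (RFC 4253 section 4.2): read lines until
    one starts with 'SSH-'. Any other line is pre-banner text, which OpenSSH only
    reports under -v (the 'debug1: ssh_exchange_identification:' line above).
    Returns (version_string or None, list of pre-banner lines)."""
    pre_banner = []
    with socket.create_connection(('127.0.0.1', port)) as sock:
        for raw in sock.makefile('rb'):
            line = raw.rstrip(b'\r\n').decode('utf-8', 'replace')
            if line.startswith('SSH-'):
                return line, pre_banner
            pre_banner.append(line)
    # EOF before any version string: the peer (the echo) has exited, which is
    # what the client reports as a failed exchange / closed connection.
    return None, pre_banner


if __name__ == '__main__':
    for payload in (TWIST_OUTPUT, REAL_BANNER):
        version, extra = exchange_identification(serve_once(payload))
        print('version:', version, 'pre-banner lines:', extra)
```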