update openssh blog article with new methods for callback
Signed-off-by: Nico Schottelius <nico@bento.schottelius.org>
parent
1d6e9bc557
commit
d65daa6de7
1 changed files with 46 additions and 0 deletions
|
@ -83,6 +83,52 @@ space separated:
|
||||||
controlhost % echo $SSH_REMOTE_FORWARDING_PORTS
|
controlhost % echo $SSH_REMOTE_FORWARDING_PORTS
|
||||||
59056 1234
|
59056 1234
|
||||||
|
|
||||||
|
### Use socat
|
||||||
|
|
||||||
|
Adapted from a proposal of
|
||||||
|
[Philipp Marek](http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-May/031350.html).
|
||||||
|
|
||||||
|
A different approach is using socat like this:
|
||||||
|
|
||||||
|
targethost% socat TCP:localhost:22,retry=forever "EXEC:ssh controlhost"
|
||||||
|
controlhost% cat .ssh/authorized_keys
|
||||||
|
command="~/myscript 1224" ssh-rsa ...
|
||||||
|
controlhost% cat ~/myscript
|
||||||
|
socat - TCP-LISTEN:1234 &
|
||||||
|
ssh -p 1234 ...
|
||||||
|
|
||||||
|
The drawback with this solution is to use pre-defined ports
|
||||||
|
as well as socat on the targethost exiting after the
|
||||||
|
first connection has been closed. It works for a single shot
|
||||||
|
callback, though.
|
||||||
|
|
||||||
|
### Use ProxyCommand with stdin/stdout
|
||||||
|
|
||||||
|
As proposed by
|
||||||
|
[Darren Tucker](http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-May/031353.html) (some parts are copied & pasted from his original mail):
|
||||||
|
|
||||||
|
# Create fifo/named pipe for sshd
|
||||||
|
targethost% mkfifo sshd_in sshd_out
|
||||||
|
|
||||||
|
# Start ssh on the controlhost from the targethost
|
||||||
|
# and create a control socket. Use ProxyCommand=-
|
||||||
|
# to make use of stdin/stdout for proxying packets through.
|
||||||
|
|
||||||
|
targethost$ ssh <sshd_in >sshd_out -T -y controlhost "ssh -y -N -T -MS/tmp/ctl -oProxyCommand=- targethost" &
|
||||||
|
|
||||||
|
# Start a new sshd on the client, which listens on the newly
|
||||||
|
# created fifos
|
||||||
|
|
||||||
|
targethost$ /usr/sbin/sshd -i -f < sshd_in > sshd_out
|
||||||
|
|
||||||
|
# on the server, use the control socket to talk to the
|
||||||
|
# sshd running on the targethost
|
||||||
|
controlhost% ssh -S /tmp/ctl targethost
|
||||||
|
|
||||||
|
Drawback: Quite complicated setup required, thus probably error prone on day-to-day use.
|
||||||
|
Advantage: Very beautiful use of FIFOs, ssh, controlsockets and proxycommand. A setup
|
||||||
|
every geek must love.
|
||||||
|
|
||||||
## Limitations
|
## Limitations
|
||||||
|
|
||||||
The given patch has some known limitations:
|
The given patch has some known limitations:
|
||||||
|
|
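Review bot: In the ProxyCommand section, both the `ssh` started on targethost and the `/usr/sbin/sshd -i` line use `<sshd_in >sshd_out`, so both processes read from the same FIFO and write to the same FIFO and nothing ever connects them. One side needs the redirections crossed, for example `ssh <sshd_out >sshd_in ...` with the sshd line kept as is. On that sshd line, `-f` is followed directly by the redirection, but `-f` takes a configuration file path, so either name the file or drop the flag. In the socat section, the authorized_keys entry passes `1224` to `~/myscript` while the script listens on and connects to `1234`, and the script never uses its argument; make the numbers agree or have the script read the port from `$1`. Two hardening points are worth stating in the article. First, `TCP-LISTEN:1234` without `bind=localhost` accepts connections on every interface of controlhost. Second, the control socket `/tmp/ctl` uses a fixed name in a world-writable directory, where another local user can pre-create that name, so a path inside a directory only the user can access (such as `~/.ssh/`) is the safer choice. The prompts also switch between `targethost%` and `targethost$`.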