[Bug 2310] New: functionality to start process before ssh and/or to "wrap" such command around ssh
bugzilla-daemon at mindrot.org
Sat Nov 8 12:11:35 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2310
Bug ID: 2310
Summary: functionality to start process before ssh and/or to
"wrap" such command around ssh
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp
Assignee: unassigned-bugs at mindrot.org
Reporter: calestyo at scientia.net
Hi.
This feature request basically evolved out of a post[0] on the
mailing list, where however no one came up with a really clean solution.
What I basically would want is something like LocalCommand, just that
it is run "before".
Now of course starting a command before ssh can be done via shell
script wrapping and the like.
The disadvantage here is however, that I cannot easily start commands
on a per host basis, unless I write my own parser for SSH config files,
which also takes things like CanonicaliseHostnames into account.
Typical example for starting something *before* ssh would be, e.g.
kinit, that requests a Kerberos ticket, or perhaps (for certain special
hosts) bringing up some ppp network route or whatever.
But actually "just" starting something before ssh isn't the only thing
I'd wish:
My thinking goes also into "wrapping" another command around ssh,
mainly something like k5start[1] or krenew[1], which would greatly
simplify connecting to hosts from different(!) realms.
I'm not sure though, how easy the latter can be done,...
If it would work, one might need to take security implications into
account, especially when this is used together with control channel
multiplexing.
I remember that some things were then fixed for *all* further
connections via that control socket, even if the later ssh wasn't
invoked with such option.
If the same would e.g. apply to transmission of Kerberos credentials,
then all further connections could accidentally inherit the credentials
from the first one, started with k5start wrapped around.
Cheers,
Chris.
[0]
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-October/033082.html
[1] http://www.eyrie.org/~eagle/software/kstart/
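
The per-host pre-command and the multiplexing concern raised in the report can be sketched as a wrapper. This is an added example, not part of the original report and not OpenSSH code. It assumes `ssh -G` (available in OpenSSH 6.8 and later, so newer than the 6.7p1 named above) and MIT Kerberos `klist -s`; the host patterns, principals, cache path and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: run kinit per host before ssh, without parsing ssh_config
# by hand, and keep the wrapped session off any shared control socket.

# Extract one keyword's value from `ssh -G` output read on stdin.
# `ssh -G` prints the fully resolved config as lowercase "keyword value" lines.
resolved_option() {
    awk -v key="$1" '$1 == key { sub(/^[^ ]+ /, ""); print; exit }'
}

# Map a resolved host name to a Kerberos principal.
# Hypothetical table: replace with your own realms.
principal_for_host() {
    case "$1" in
        *.physics.example.org) echo "alice@PHYSICS.EXAMPLE.ORG" ;;
        *.corp.example.com)    echo "alice@CORP.EXAMPLE.COM" ;;
        *)                     return 1 ;;
    esac
}

# Usage: ssh_pre <destination> [remote command...]
ssh_pre() {
    # Let ssh itself apply Host/Match blocks and hostname canonicalization.
    host=$(ssh -G "$1" | resolved_option hostname) || return 1
    if principal=$(principal_for_host "$host"); then
        (
            # One credential cache per realm, so tickets for different
            # realms never share (or overwrite) the default cache.
            KRB5CCNAME="FILE:${XDG_RUNTIME_DIR:-/tmp}/krb5cc_$(id -u)_${principal#*@}"
            export KRB5CCNAME
            # klist -s exits non-zero when the cache holds no valid ticket.
            klist -s 2>/dev/null || kinit "$principal" || exit 1
            # ControlPath=none disables connection sharing for this session:
            # it neither joins an existing master nor becomes one that later,
            # unwrapped ssh invocations could reuse.
            exec ssh -o ControlMaster=no -o ControlPath=none "$@"
        )
    else
        ssh "$@"
    fi
}
```

Sourcing the file and calling `ssh_pre login1.physics.example.org` obtains a ticket only for hosts in the table; all other hosts go straight to plain `ssh`.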