OpenSSH PATCH: OpenCommand and CloseCommand

Ben Lindstrom mouring at etoh.eviladmin.org
Fri Aug 27 00:41:21 EST 2004



On Thu, 26 Aug 2004, Clifford Wolf wrote:

> On Thu, Aug 26, 2004 at 09:05:50AM -0500, Ben Lindstrom wrote:
> > > the attached patch adds support for the keywords "OpenCommand" and
> > > "CloseCommand" to ssh_config. They are commands which are executed before
> > > the connection is established (or ProxyCommand started) and after the
> > > connection has been closed (or ProxyCommand ended).
> > >
> > > this is usefull for stuff like portknocking or (that's what I wrote the
> > > patch for) talking with trapdoor2 (http://oss.linbit.com/trapdoor2/).
> >
> > The ProxyCommand should run for the length of the ssh session.  Why can't
> > you implement it fully using that?  Seems to make more sense.
>
> Running the "to-do-before-stuff", running netcat, running the "to-do-
> afterwards-stuff" ? No, that's not nice. If the connection itself is just a
> plain TCP session ssh should do it on it's own imo ..
>

$ cat MyProxy.sh
#!/bin/ksh
RunKnockSoftware
netcat $1 $2 $3
RunUnKnockSoftware
$

Along with "ProxyCommand MyProxy.sh .."

Please tell me how something like this fails?  Don't care if you dislike
it or not.  We want to know WHY it is soo much better to implement a
pre/post proxy instead of doing something like that above?

If it is technical reason then it should be looked at and considered to be
resolved.

- Ben




More information about the openssh-unix-dev mailing list