ssh tunneling suite

Bruce Korb bruce.korb at
Mon Jan 19 10:05:20 EST 2009


Over the past few years, I've needed to establish a robust
tunnel from work to home, trying to make it as secure as I can.
Ultimately, I wound up developing three programs of varying
complexity.  Basically, every time I learned some new thing
that made it work better either for the sake of security or
robustness, I glued it into this stuff.   It took too much
work and research to get all the parameters to play nice.
Anyway, I'm offering it up under a BSD license so it can be
improved and so I don't have to maintain it just for myself.

The three things are:

1. a daemon on the server that keeps trying to connect to a
   remote node/work station.  It must invoke ssh with all
   those strange parameters to establish the tunnel.

2. a won't-do-anything-at-all login shell for the only user
   allowed to login on the work station.  It parses its
   "command" (the argument after the "-c") as some options,
   including a host name and port number.  It journals
   its activities in /var/log/noopsh and creates a file in
   /var/run/noopsh/${hostname} containing the port number.
   This file is removed "atexit(3C)".

3. The tssh program (Tunneled-Secure-SHell) that resolves
   the host argument by looking for it in /var/run/noopsh
   and getting the correct port number from that file.

Had I had such a thing, it would have saved me a lot of
research and futzing around.  So, if you-all have a place for
such an addon, I'll polish it a bit and send it along.

Cheers - Bruce

p.s. they all come with man pages.
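
The lookup described in item 3, as an added example that is not part of the original post and is not the tssh program itself. It assumes each file under /var/run/noopsh holds a bare decimal port number and that the tunnel listens on the local loopback; NOOPSH_RUN, tunnel_port and tunnel_ssh_cmd are hypothetical names.

```shell
#!/bin/sh
# Added illustration; not the tssh program from the post.
# Assumed layout: noopsh writes a bare decimal port number into
# $NOOPSH_RUN/<hostname>, and the tunnel listens on the local loopback.
NOOPSH_RUN=${NOOPSH_RUN:-/var/run/noopsh}

# Print the tunnel port recorded for host $1; non-zero status on any failure.
tunnel_port() {
    host=$1
    # The host name becomes a file name, so allow only a conservative
    # character set and refuse anything that could leave the directory.
    case $host in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad host name" >&2; return 2 ;;
    esac
    file=$NOOPSH_RUN/$host
    # No file means no live tunnel (noopsh removes it on exit).
    # Refuse symlinks so a planted link cannot redirect the lookup.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "no tunnel registered for $host" >&2; return 1
    fi
    # Read the first line; tolerate a missing trailing newline.
    IFS= read -r port < "$file" || [ -n "$port" ] || return 1
    # Accept only a plain decimal port in 1..65535.
    case $port in
        ''|*[!0-9]*|0*|??????*) echo "corrupt port file" >&2; return 3 ;;
    esac
    [ "$port" -le 65535 ] || { echo "corrupt port file" >&2; return 3; }
    printf '%s\n' "$port"
}

# Print the ssh command line that would reach host $1 through its tunnel.
# HostKeyAlias keeps a separate known_hosts entry per tunneled host, since
# every tunnel otherwise appears to ssh as "localhost".
tunnel_ssh_cmd() {
    port=$(tunnel_port "$1") || return $?
    printf 'ssh -p %s -o HostKeyAlias=%s localhost\n' "$port" "$1"
}
```

Because the port file is the only link between a host name and a listening port, the directory should be writable only by the account that runs the login shell.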

More information about the openssh-unix-dev mailing list