[PATCH] Expose remote forwarding ports as environment variable

Nico Schottelius nico-openssh-unix-dev at schottelius.org
Fri May 17 05:53:44 EST 2013


Darren Tucker [Thu, May 16, 2013 at 04:16:01PM +1000]:
> On Wed, May 15, 2013 at 11:45:23PM +0200, Nico Schottelius wrote:
> > Good evening gentlemen,
> > 
> > the attached patch against openssh 6.2p1 exposes remote
> > forwarding ports to the remote shell:
> 
> That's not going to be entirely accurate because the environment is
> inherited at the time the shell is started, but port forwards can be
> added and deleted at any time (either via escape sequences or the
> control socket).

That's a very good point, although I believe that the majority
of remote port forwardings are defined using -R and are never changed
in almost all cases.

That said, I'd propose to change the variable name to reflect
this and/or add a hint to the manpage describing this behaviour.

> Taking the example from your web page, you can already do what you want
> via the control socket:
> 
> $ ssh -Nf -MS/tmp/ctl localhost
> $ p=`ssh -S/tmp/ctl -O forward -R 0:127.0.0.1:22 localhost`
> Allocated port 24647 for remote forward to 127.0.0.1:22
> $ ssh -S/tmp/ctl localhost "echo do something with port $p"
> do something with port 24647
> $ ssh -S/tmp/ctl -O exit localhost

This is not exactly what I'm trying to accomplish.
I am sorry, I may not have made my intention clear enough.

My objective is to be able to connect back to the client
directly after the connection has been established from
the server, most likely using the authorized_keys file.

Let me show you an example:

controlhost:~cdist/.ssh/authorized_keys:

    command="cdist callback",no-pty ssh-dss...

targethost% ssh -R 0:localhost:22 cdist@controlhost cdist callback

cdist callback then uses the first value found in
$SSH_REMOTE_FORWARDING_PORTS and connects to that port to
configure the target host.

As pointed out by Alex, the patch I've provided solves the problem
to manage this for a possibly huge number of targethosts.
Without this patch, it's a guess and hack to find out how to
connect back.

I do think that for most use cases it is sufficient to only consider
the remote port forwardings as given on the command line. The
extension to support multiple remote port forwardings
is in my opinion already a nice-to-have.

Hope this makes it more clear.

Cheers,

Nico

-- 
PGP key: 7ED9 F7D3 6B10 81D7 0EC5  5C09 D7DC C8E4 3187 7DF0
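An added illustration of the callback side described in the message above; this is not the patch itself nor code from cdist. It assumes the proposed SSH_REMOTE_FORWARDING_PORTS variable holds a whitespace-separated list of port numbers (the patch is not shown here, so that format is an assumption), validates the first entry before it is handed to ssh, and checks SSH_ORIGINAL_COMMAND so the forced command cannot be repurposed.

```shell
#!/bin/sh
# Added example, not part of the openssh patch or of cdist.
# ASSUMPTION: SSH_REMOTE_FORWARDING_PORTS is a whitespace-separated
# list of decimal port numbers, e.g. "24647 24648". Note the caveat
# from the thread: it is a snapshot taken when the shell started, so
# forwards added later via escape sequences or -O forward are absent.

# Print the first entry of the list if it is a valid TCP port (1-65535).
# Returns 1 on an empty list or a non-numeric / out-of-range entry.
first_forwarded_port() {
    set -- $1                      # split on whitespace
    port=${1:-}
    case "$port" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then
        printf '%s\n' "$port"
    else
        return 1
    fi
}

# A forced command still receives the client's requested command in
# SSH_ORIGINAL_COMMAND; only the exact expected string is accepted.
forced_command_ok() {
    [ "$1" = "cdist callback" ]
}

# Build the argument list used to connect back to the target host.
# (Constructed for the example: user "root", loopback via the forward.)
callback_cmd() {
    printf 'ssh -p %s -o StrictHostKeyChecking=yes root@127.0.0.1\n' "$1"
}

# Real callback entry point; only runs when explicitly enabled so the
# file can also be sourced for testing.
if [ "${CDIST_CALLBACK_RUN:-0}" = 1 ]; then
    forced_command_ok "${SSH_ORIGINAL_COMMAND:-}" || exit 1
    p=$(first_forwarded_port "${SSH_REMOTE_FORWARDING_PORTS:-}") || exit 1
    exec $(callback_cmd "$p") cdist-configure-target
fi
```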

