[PATCH] Expose remote forwarding ports as environment variable

Darren Tucker dtucker at zip.com.au
Fri May 17 23:30:03 EST 2013


On Fri, May 17, 2013 at 10:53 PM, Nico Schottelius <
nico-openssh-unix-dev at schottelius.org> wrote:

> Unfortunately there are various problems with this approach,
>

Markus actually added support to ProxyCommand to allow it to use stdin and
stdout directly so you can make ssh talk back to an sshd on the "client"
end via a pair of named pipes.  It's a bit Rube Goldberg but knowing Markus
I don't doubt it works.

1) on the client create a pair of named pipes
2) have ssh #1 on the client invoke a controlmaster ssh -N #2 on the server
with the latter using "ProxyCommand=-". Redirect ssh #1's stdio to and from
the named pipes and background it.

client$ ssh <fromssh >tossh -T -y server ssh -y -N -T -MS/tmp/ctl -oProxyCommand=- client &

3) start an sshd on the client with its stdin connected to those named
pipes:

client$ /usr/sbin/sshd -i -f < $fromssh > $tossh

4) on the server, use the control socket to talk to the sshd running on the
"client".

server$ ssh -S /tmp/ctl client

You could probably use socat on the machine to connect stdio on ssh and
sshd on the client which might be cleaner.  In either case there's no
listening port for someone else to stumble upon.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
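
An added example, not part of the original message and not OpenSSH code: one way to do the named-pipe plumbing of steps 1 to 3, with the FIFOs kept in a private directory and the two ends cross-connected in an open order that cannot deadlock. The helper names, the FIFO names and the sshd config placeholder are assumptions; the self-test uses tr and sh as stand-ins so it runs without any ssh or sshd.

```shell
#!/bin/sh
# Added example: helper and FIFO names are hypothetical, not from the message.

# Create a 0700 directory holding both FIFOs, so no other local user can
# open either end of the stdio link. Prints the directory path.
make_pipe_dir() (
    umask 077
    d=$(mktemp -d "${TMPDIR:-/tmp}/sshpipe.XXXXXX") || exit 1
    mkfifo "$d/to_sshd" "$d/from_sshd" || exit 1
    printf '%s\n' "$d"
)

# sshd end: stdin <- to_sshd, stdout -> from_sshd.
run_sshd_side() { d=$1; shift; "$@" <"$d/to_sshd" >"$d/from_sshd"; }

# ssh end, cross-connected: stdout -> to_sshd, stdin <- from_sshd.
# The write redirection comes first on purpose: opening a FIFO blocks until
# the peer opens the other end, and if both sides opened their read end
# first they would wait on each other forever.
run_ssh_side() { d=$1; shift; "$@" >"$d/to_sshd" <"$d/from_sshd"; }

# Offline check with stand-ins: tr plays sshd, a small sh script plays ssh
# (sends one line, closes its output, stores the reply in a file).
selftest() {
    dir=$(make_pipe_dir) || return 1
    run_sshd_side "$dir" tr a-z A-Z &
    run_ssh_side "$dir" sh -c 'echo ping; exec 1>&-; cat >"$1"' _ "$dir/reply"
    wait
    cat "$dir/reply"
    rm -rf "$dir"
}

# With the real programs (SSHD_CONFIG_PLACEHOLDER stands for a config path):
#   dir=$(make_pipe_dir)
#   run_sshd_side "$dir" /usr/sbin/sshd -i -f SSHD_CONFIG_PLACEHOLDER &
#   run_ssh_side "$dir" ssh -T -y server \
#       ssh -y -N -T -MS/tmp/ctl -oProxyCommand=- client &
```

Remove the directory once both processes have exited; while they run, its 0700 mode is what keeps other local users away from the link.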

