[PATCH] Expose remote forwarding ports as environment variable
Nico Schottelius
nico-openssh-unix-dev at schottelius.org
Sat May 18 00:09:32 EST 2013
Darren Tucker [Fri, May 17, 2013 at 11:30:03PM +1000]:
> On Fri, May 17, 2013 at 10:53 PM, Nico Schottelius <
> nico-openssh-unix-dev at schottelius.org> wrote:
>
> > Unfortunately there are various problems with this approach,
> >
>
> Markus actually added support to ProxyCommand to allow it to use stdin and
> stdout directly so you can make ssh talk back to an sshd on the "client"
> end via a pair of named pipes. It's a bit Rube Goldberg but knowing Markus
> I don't doubt it works.
>
> 1) on the client create a pair of named pipes
> 2) have ssh #1 on the client invoke a controlmaster ssh -N #2 on the server
> with the latter using "ProxyCommand=-". Redirect ssh #1's stdio to and from
> the named pipes and background it.
>
> client$ ssh <fromssh >tossh -T -y server ssh -y -N -T -MS/tmp/ctl
> -oProxyCommand=- client &
>
> 3) start and sshd on the client with its stdin connected to those named
> pipes:
>
> client$ /usr/sbin/sshd -i -f < $fromssh > $tossh
>
> 4) on the server, use the control socket to talk to the sshd running on the
> "client".
> server$ ssh -S /tmp/ctl client
>
> You could probably use socat on the machine to connect stdio on ssh and
> sshd on the client which might be cleaner. In either case there's no
> listening port for someone else to stumble apon.
That is but a very cool solution. I must admit, I've not considered
this approach beforehand.
I must confess that I like this approach, not just because it's very
advanced and creative usage,
Independently of this, I was wondering, if my supplied patch could be
applied anyhow, because I think it makes ssh callback easier to
access.
Cheers,
Nico
--
PGP key: 7ED9 F7D3 6B10 81D7 0EC5 5C09 D7DC C8E4 3187 7DF0
More information about the openssh-unix-dev
mailing list