[PATCH] Expose remote forwarding ports as environment variable

Nico Schottelius nico-openssh-unix-dev at schottelius.org
Sat May 18 00:09:32 EST 2013


Darren Tucker [Fri, May 17, 2013 at 11:30:03PM +1000]:
> On Fri, May 17, 2013 at 10:53 PM, Nico Schottelius <
> nico-openssh-unix-dev at schottelius.org> wrote:
> 
> > Unfortunately there are various problems with this approach,
> >
> 
> Markus actually added support to ProxyCommand to allow it to use stdin and
> stdout directly so you can make ssh talk back to an sshd on the "client"
> end via a pair of named pipes.  It's a bit Rube Goldberg but knowing Markus
> I don't doubt it works.
> 
> 1) on the client create a pair of named pipes
> 2) have ssh #1 on the client invoke a controlmaster ssh -N #2 on the server
> with the latter using "ProxyCommand=-". Redirect ssh #1's stdio to and from
> the named pipes and background it.
> 
> client$ ssh <fromssh >tossh -T -y server ssh -y -N -T -MS/tmp/ctl
> -oProxyCommand=- client &
> 
> 3) start an sshd on the client with its stdin connected to those named
> pipes:
> 
> client$ /usr/sbin/sshd -i -f < $fromssh > $tossh
> 
> 4) on the server, use the control socket to talk to the sshd running on the
> "client".
> server$ ssh -S /tmp/ctl client
> 
> You could probably use socat on the machine to connect stdio on ssh and
> sshd on the client which might be cleaner.  In either case there's no
> listening port for someone else to stumble upon.

That is but a very cool solution. I must admit, I've not considered
this approach beforehand.

I must confess that I like this approach, not just because it's very
advanced and creative usage,

Independently of this, I was wondering if my supplied patch could be
applied anyhow, because I think it makes ssh callback easier to
access.

Cheers,

Nico

-- 
PGP key: 7ED9 F7D3 6B10 81D7 0EC5  5C09 D7DC C8E4 3187 7DF0
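
Added example, not part of the original message or of OpenSSH: the named-pipe plumbing from steps 1 to 3 of the quoted procedure, with two stand-in shell processes in place of ssh and sshd so that it runs without any hosts. The pipe names fromssh and tossh come from the thread; the function name fifo_roundtrip, the private temporary directory and the "ack:" reply are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: stand-in processes replace ssh and sshd; only the FIFO
# plumbing of steps 1-3 is shown. fifo_roundtrip is a hypothetical name.

fifo_roundtrip() {
    # $1: one request line sent from the "ssh" side to the "sshd" side
    fr_dir=$(mktemp -d) || return 1           # private directory (mode 0700)
    fromssh="$fr_dir/fromssh"                 # pipe names as used in the thread:
    tossh="$fr_dir/tossh"                     # ssh reads fromssh, writes tossh
    mkfifo -m 600 "$fromssh" "$tossh" || { rm -rf "$fr_dir"; return 1; }

    # Stand-in for "sshd -i": reads tossh, answers on fromssh.
    # A blocking open() of a FIFO waits for the other end. If both sides
    # opened their read end first, neither would ever reach its write end.
    # So this side opens its WRITE end first (>fromssh before <tossh).
    (
        IFS= read -r fr_req
        printf 'ack:%s\n' "$fr_req"
    ) >"$fromssh" <"$tossh" &
    fr_peer=$!

    # Stand-in for ssh #1: read end first (<fromssh), then write end (fd 3).
    fr_reply=$(
        {
            printf '%s\n' "$1" >&3
            IFS= read -r fr_line
            printf '%s' "$fr_line"
        } <"$fromssh" 3>"$tossh"
    )

    wait "$fr_peer"
    rm -rf "$fr_dir"
    printf '%s\n' "$fr_reply"
}

# Constructed sample input; prints the peer's reply to it.
fifo_roundtrip "constructed request line"
```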

