Christoph Anton Mitterer
2014-Oct-30 23:56 UTC
ssh_config way to run command before connecting or "around" the connection?
Hi. Is there a way via ssh_config (i.e. not talking about shell script wrappers around ssh, which of course could somehow do the job) to start a command before ssh connects? I think about e.g. a command (or series of commands) that does provide the necessary credentials (e.g. kinit, aklog) or perhaps does some port knocking on the remote server to open up ssh. Even better would be (well especially with looking at kerberos) to have and additional option to have the actual session process started by another command, e.g. k5start[0] or krenew[0]. That would make it much easier to handle connections that go to different realms. Perhaps at least the later can be done with ProxyCommand? Thanks, Chris. [0] http://www.eyrie.org/~eagle/software/kstart/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5313 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141031/6c50b44f/attachment.bin>
Iain Morgan
2014-Oct-31 00:58 UTC
ssh_config way to run command before connecting or "around" the connection?
On Fri, Oct 31, 2014 at 00:56:57 +0100, Christoph Anton Mitterer wrote:> Hi. > > Is there a way via ssh_config (i.e. not talking about shell script > wrappers around ssh, which of course could somehow do the job) to start > a command before ssh connects? > > I think about e.g. a command (or series of commands) that does provide > the necessary credentials (e.g. kinit, aklog) or perhaps does some port > knocking on the remote server to open up ssh. > > > Even better would be (well especially with looking at kerberos) to have > and additional option to have the actual session process started by > another command, e.g. k5start[0] or krenew[0]. > That would make it much easier to handle connections that go to > different realms. > > > Perhaps at least the later can be done with ProxyCommand? >The traditional answer would be "use a shell script or alias." However, in some cases you could probably abuse ProxyCommand to do your bidding -- keeping in mind that its stdio is connected to the ssh process. If you are using the latest OpenSSH, you might also be able to abuse teh "Match exec" support. However, I'm not sure if that will work if the command requires user input. I suspect that it won't. -- Iain Morgan