Bartłomiej Korupczynski
2014-Dec-21 21:34 UTC
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
Hi guys,

I've made a patch adding LocalPreCommand to ssh_config. It mimics the behaviour of LocalCommand, but is executed right before the connection is opened. This makes it possible e.g. to integrate ssh with port knocking. It also removes "-oPermitLocalCommand=no" from scp, allowing the same functionality to be used for file transfers.

Applies cleanly on vanilla OpenSSH 6.7p1.

http://software.klolik.org/patches/openssh+localprecommand.diff

Best regards,
Bartlomiej Korupczynski
Damien Miller
2014-Dec-23 01:15 UTC
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
On Sun, 21 Dec 2014, Bartłomiej Korupczynski wrote:

> Hi guys,
>
> I've made a patch adding LocalPreCommand to ssh_config. It mimics
> behaviour of LocalCommand, but is executed right before the connection
> is opened. This makes possible e.g. to integrate ssh with port
> knocking. It also removes "-oPermitLocalCommand=no" from scp allowing

This can be done using a shell script, shell alias, shell function or other wrapper without touching ssh.

-d
Bartłomiej Korupczynski
2014-Dec-23 12:02 UTC
[PATCH] LocalPreCommand: Support for executing command before ssh connection (like port knock before ssh)
2014-12-23 2:15 GMT+01:00 Damien Miller <djm at mindrot.org>:

> On Sun, 21 Dec 2014, Bartłomiej Korupczynski wrote:
>
>> Hi guys,
>>
>> I've made a patch adding LocalPreCommand to ssh_config. It mimics
>> behaviour of LocalCommand, but is executed right before the connection
>> is opened. This makes possible e.g. to integrate ssh with port
>> knocking. It also removes "-oPermitLocalCommand=no" from scp allowing
>
> This can be done using a shell script, shell alias, shell function or
> other wrapper without touching ssh.

Well, not exactly. When using ControlMaster, the connection is set up once, thus the LocalPreCommand is also called only once. Having ControlMaster mixed for some hosts and not for others makes for a headache. Been there, done that.

Wrapping with functions/aliases makes an unnecessary mess, especially when having many hosts with different setups. To be really transparent, it would require parsing the ssh command line to search for the host name.
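
The wrapper approach discussed in this thread, as an added example that is not part of any message above and is not OpenSSH code: it parses the ssh command line for the destination and knocks only when `ssh -O check` reports no running ControlMaster. The function names, the `knock` client and the port sequence are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: wrapper that knocks only when ssh will open a new connection.
# The option letters below are the ssh(1) flags that take a value.

# Print the destination word (user@host or host) of an ssh command line.
ssh_destination() {
    while [ $# -gt 0 ]; do
        case "$1" in
            --) shift; break ;;
            -?*)
                _flags=${1#-}; shift
                while [ -n "$_flags" ]; do
                    _rest=${_flags#?}; _f=${_flags%"$_rest"}; _flags=$_rest
                    case "$_f" in
                        [bcDEeFIiJLlmOopQRSWwB])
                            # Value is attached (-p2222) or is the next word.
                            if [ -z "$_flags" ]; then
                                [ $# -gt 0 ] || return 1
                                shift
                            fi
                            _flags= ;;
                    esac
                done ;;
            *) break ;;
        esac
    done
    [ $# -gt 0 ] || return 1
    printf '%s\n' "$1"
}

# Assumed knock client and port sequence (placeholders, not from the thread).
KNOCK_CMD=${KNOCK_CMD:-knock}
KNOCK_PORTS=${KNOCK_PORTS:-"7000 8000 9000"}

knock_ssh() {
    if _dest=$(ssh_destination "$@"); then
        # "ssh -O check" succeeds when a ControlMaster already serves this
        # destination, so no new TCP connection (and no knock) is needed.
        if ! command ssh -O check "$_dest" >/dev/null 2>&1; then
            # shellcheck disable=SC2086  # ports are split on purpose
            "$KNOCK_CMD" "${_dest##*@}" $KNOCK_PORTS
        fi
    fi
    command ssh "$@"
}
```

The wrapper knocks the name given on the command line; a `Host` alias that maps to a different `HostName` in ssh_config is not resolved, and scp or other callers of ssh do not go through it.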