Change initial directory based on port of reverse tunnel?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



> ok, so far this sounds like you have some devices out in the field
> which may be behind stateful firewalls, NAT or dynamic addresses and a
> server on a fixed address and you want to be able to connect back to
> these devices in the field.
>
> remotedevice ssh'es into externalhost and presumably keeps the connections up.
> when you want to connect to a device you get onto externalhost and ssh
> to localhost on whatever port corresponds to that device.  so far so
> good.
>

Yeah so this is exactly right.

>
> the id_rsa keys and usernames are all identical?
>

Yes, everything is identical and the only way the external host can
identify a folder of data is by the port number it connects to.

>
> That patch is already in the current version of OpenSSH.  If I'm
> following you then it's not going to help, though (it's about making
> decisions in sshd based on which port the connection is made on,
> however in your scenario you're actually connecting to ssh on
> externalhost, not sshd).

So taking this knowledge which I couldn't find documented in the man
pages but I found elsewhere on the Internet:


remote device /etc/ssh/sshd_config:
Port 22222
Match LocalPort 22222
        Banner /etc/ssh/banner
        ForceCommand /etc/ssh/script

remote device /etc/ssh/script:
#!/bin/sh
PORT="${SSH_CONNECTION##* }"
DIR="/home/remoteuser/$PORT"
mkdir -p "$DIR"
cd "$DIR"
[ -z "$SSH_ORIGINAL_COMMAND" ] && exec bash --login
exec $SSH_ORIGINAL_COMMAND

remote device-- tunnel:
/usr/bin/ssh -i /home/remoteuser/.ssh/id_rsa_for_external_host -Nxn2TR
52000:127.0.0.1:22222 testuser at externalhost

command for externalhost admin/bot
ssh -i id_rsa_for_remote_device -p 52000 remoteuser at localhost
scp -i id_rsa_for_remote_device -P 52000 remoteuser at localhost:testfile .


Now I have the incoming ssh from the external hosts being
transparently placed into the right directory. This is exactly what I
need.  Is there a better way to do what I want or should I just stick
with what works?

Thanks


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux