On Tuesday 17 August 2010 21:49:52 Males, Jess wrote: > -----Original Message----- > From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On > Behalf Of Joke de Buhr Sent: Tuesday, August 17, 2010 2:03 PM > To: secureshell@xxxxxxxxxxxxxxxxx > Subject: Re: Dynamically allocated port on reverse forward > > On Tuesday 17 August 2010 06:59:33 ADFHAU wrote: > > Hi, > > > > > If I invoke ssh this way: > > > ssh -R 0:localhost:22 remote_ssh_server > > > > > > ssh prints a debug message like: > > > Allocated port 40454 for remote forward .... > > > > > > before it drops to the shell. > > > > > > Is there a way of querying the allocated port on the remote site to > > > make it usable within scripts? For example to execute a command via > > > ssh on the origin site in this case. > > > > If you could determine the ancestry of the script process, back to the > > sshd driving it and then look up the pid in lsof or netstat output, > > you could probably do it. > > > > That or if the script had access to logs and the logging level were > > high enough. > > Determine the sshd process can be done via $PPID from thin the login shell: > echo "shell pid: $$, sshd pid: $PPID" > > Unfortunately using lsof -p $PPID (or /proc/$PPID) doesn't work in this > case because the login user doesn't have read permissions to query the > sshd process (not the sshd daemon). Unless lsof is executed as root this > doesn't work. > > ---- > > You probably know this, but to dismiss the simplest stuff first: You can > specify a port, rather than relying on dynamic allocation. Just use a > number instead of 0. If you pick under 1024 you'll have to be logging in > as root on the remote side as those numbers are reserved. Of cause I could use a constant port number. But some of the remote servers are public servers and sometimes I ran into port collisions with other people using the server. That's why a dynamically allocated port would be preferable. It would be nice if ssh would export the allocated port the environment, a query program maybe or something like that. Any way to query the allocated port. > FAILED IDEA: A nifty trick for local forwards to different machines is to > bind them to alternate local interfaces. Example: > /etc/hosts > 127.0.0.2 local2 > 127.0.0.3 local3 > > ssh user@remote -L local2:22:host2:22 -L local3:22:host3:22 > ssh user@local2 # goes to host2 tunneled via initial ssh connection > ssh user@local3 # goes to host3 tunneled via initial ssh connection > > Alas, when I tested remote forwards to alternate interfaces on the remote > machine, the resolution failed. > > ssh user@remote -R 0:local2:22 -R 0:local3:22 > netstat -tl > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 localhost:55313 *:* LISTEN > tcp 0 0 localhost:42267 *:* LISTEN > > The hope was that you'd be able to see: > netstat -tl > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address State > tcp 0 0 local3:55313 *:* LISTEN > tcp 0 0 local2:42267 *:* LISTEN > > You could, of course, just alias 10.0.0.0/8 ip addresses to a local > interface, but that's probably a bit much work. > > As a side note, it seems a major disappointment that there's no escape > sequence to list these. On my Ubuntu 10.4 test machines ~# failed to list > remote forwards. > > Also, if you dynamically forward multiple ports, how do you tell which > dynamically assigned remote port maps to each local port? Maybe ssh could export an environment variable like: SSH_FORWARDED_PORTS="bind_address:port:host:hostport;bind_address:..."
Attachment:
signature.asc
Description: This is a digitally signed message part.
