Re: how to force an ssh client timeout

From: Brian Hatch (bri_at_ifokr.org)
Date: 09/11/04

  • Next message: Filip Fafara: "SSH tunelling"
    Date: Fri, 10 Sep 2004 16:49:57 -0700
    To: k l <yoda_2732002@yahoo.com>
    
    
    

    > I need to do this on the ssh client side e.g. if I
    > can not log into a given machine in 10 seconds
    > I want to terminate/close the connection and move
    > on to the next machine. Please note that you may
    > get/establish a TCP connection to the remote server but it
    > may, for some reason, just stay/hang there and
    > you may not be able to log in

    Set up in your ssh connection a local port forward. Test
    in 10 seconds if this forward is alive. If not, kill the connection.

    Here's some perl-style pseudo code:

            sub sshto {
                    $host=@_;

                    if ( fork ) {
                            wait
                    }
                    $sshpid = fork();
                    if ( $sshpid ) {
                            sleep 10;
                            use IO::Socket;
                            if ( IO::Socket::INET->new(
                                   Proto => "tcp",
                                   PeerAddr => "localhost",
                                   PeerPort => $LOCALPORT
                             ) {
                                     exit;
                             } else {
                                     kill 9, $sshpid
                             }
                     } else {
                             exec "ssh -L $LOCALPORT:localhost:22 $SSH_ARGS $host"
                    }
            }

    Since the forward won't exist until ssh has logged in, you should
    be able to catch if it's dead or not.

    -- 
    Brian Hatch                  "When I met him, he was
       Systems and                sullied and tainted.  But
       Security Engineer          now he has been purified
    http://www.ifokr.org/bri/     in the fires of passion."
                                  -- Bree
    Every message PGP signed
    
    



  • Next message: Filip Fafara: "SSH tunelling"

    Relevant Pages

    • Re: SSH Connection Time Problems
      ... > FreeBSD 4.5-Stable box to my web hosting company's servers, ... It takes over a minute to establish a connection, ... I was able to get an SSH connection directly to them ... Try adding the following rule to your IPFW rule set. ...
      (FreeBSD-Security)
    • Re: Somewhat OT -- Looking for ideas on how to test status of SSH TCP tunnel
      ... > I am planning on setting up a TCP tunnel through an SSH connection ... > This tunnel will be used to provide a connection between a Perforce ... > The OS for Korean proxy server will be Redhat FC3 using OpenSSH. ...
      (Fedora)
    • Re: ipfw, natd, and keep-state - strange behavior?
      ... > # Deny ACK packets that did not match the dynamic rule table ... initiating an ssh connection with an external ... > the rule for my external ip, though, only gets the lifetime value from the ... > when i remove the word "setup" from rule 640, though, ssh connection does ...
      (FreeBSD-Security)
    • Somewhat OT -- Looking for ideas on how to test status of SSH TCP tunnel
      ... I am planning on setting up a TCP tunnel through an SSH connection ... tunnel will be used to provide a connection between a Perforce Proxy ... server in Korea and our main Perforce server in the US. ...
      (Fedora)
    • Re: ssh port forwarding problem
      ... I mean that the connection works fine for a while (I can continuously surf ... > SS> ssh connection will drop sometimes in a matter of minutes. ... > debug output from the server. ...
      (comp.security.ssh)