RE: Thanks and Suggestions
- From: Chris Mirchandani <novashadow@xxxxxxx>
- Date: Sat, 28 Feb 2009 23:44:32 -0500
Response to the response to suggestions 3 & 4. 1) In a way these functions are already security holes as anyone with access to the system with the forwards can access these ports and based on how they are presented in PS, they are relatively easy to locate. The program or option to ssh I suggest would be based on user access. A user could only see the details of forwards and tunnels created using his/her own username or a username for which he/she has a password. The root user would be able to see them all. 2) In most cases, the remote service will be password protected and in a unsecured system, this should always be the case.
Of course this brings up another suggestion, forwards that are per user limited.
Response to the response to my question. I would want the STDIN, STDOUT and STDERR for the remote command to be the same as if I ran it locally. Would changed the STDIN, STDOUT and STDERR of the local call command and not the remote command do what I want?
Date: Sat, 28 Feb 2009 03:28:18 -0800_________________________________________________________________
Subject: Re: Thanks and Suggestions
I am not an OpenSSH developer...
On Fri, Feb 27, 2009 at 8:03 PM, Chris Mirchandani wrote:
3) Maybe this already exits, so maybe this is not a request. Would like an easy to use
command that lets us see all the forwards and tunnels on a computer. I should be
able to limit to one or multiple types, local, remote, dynamic, remote dynamic (if
my request is added), tunnels initiated locally and tunnels initiated remotely. Should
be options for all forwards only, all tunnels only everything and if you could use the
inclusive options and exclude ones you do not want in the list. It would be great if
I could set a specific log just for this and so that ever time thius changes it updates
that log with the change or all the connections with the changes highlighted. e.g.
added in front of each that was added and removed for those that were closed. No,
gSTM (http://sourceforge.net/projects/gstm/) is not an alternative for what I am suggesting.
I believe this would be a huge security information leak. And would
4) Command that can show all ssh connections, remote and local.
If you need more than what "ps" or "netstat -anp", then I will refer
you to my answer to
Is there a way to send a command via ssh that stays open even if the the ssh session
that created it closes? I have this figured out already, I think, but my problem is that my
ssh session does not close like it normally does after a command is run and completed.
So maybe my real question is, how do I do this and have the ssh session close after the
command is run? e.g. If I run the following command, I get output and the ssh command
closes. Of course the command I am running in this example, has an end, but the one I
want to use does not.
ssh -p 4731 root@localhost netstat -an | egrep "tcp.*:3731.*LISTEN"
However, if run one of the following commands, the remote command works, but am
not returned to the command prompt. I have to kill the ssh connection to be returned to
a prompt and the remote command stays running after I kill the initial connection, but
this does not help me in a script.
$ ssh -p 4731 root@localhost 'ssh -q -N -D 1873 -p 3731 sshd@localhost &'
$ ssh -p 4731 root@localhost ssh -q -N -f -D 1873 -p 3731 sshd@localhost
Btw, the fact that I am using localhost does not mean that all connections are to the
same computer. The ports are forwards. I know I can send the local command to the
background, but there is no need to keep it open, i want to to close like it does with
ssh -p 4731 root@localhost netstat -an | egrep "tcp.*:3731.*LISTEN".
OpenSSH will close its connection, when no-one else has the terminal/pipe open.
This means more than just backgrounding the job. ("&")
You must redirect STDIN, STDOUT and STDERR to somewhere else and background
Sat Feb 28 03:18:38 PST 2009
$ ssh joe@xxxxxxxxxxx "sleep 1000 < /dev/null> /dev/null 2>&1 &"
Sat Feb 28 03:18:41 PST 2009
So, with that, I redirected STDIN ("< /dev/null") and STDOUT (">
made STDERR (2) go to the same place as STDOUT (1) ("2>&1"). Then the whole
command gets backgrounded ("&").
And, did Galoka think the Ulus were too ugly to save?
Windows Live™ Contacts: Organize your contact list.
- Re: Thanks and Suggestions
- From: Robert Hajime Lanning
- Re: Thanks and Suggestions
- Next by Date: Re: Thanks and Suggestions
- Next by thread: Re: Thanks and Suggestions