ssh and netcat



Hello,

A while ago, I asked this list about usage of the ProxyCommand. As a
response, Darren Tucker gave me a great suggestion in this post:

http://www.mail-archive.com/secureshell@xxxxxxxxxxxxxxxxx/msg02638.html

I then tried to build upon Darren's idea:

# dns.name is how we find the IP for the gateway to the net
# domain.name is my private name for the network
Host *.domain.name
    ProxyCommand /usr/bin/sshproxy dns.name gateway.domain.name %h %p

and here's the corresponding sshproxy:

#! /bin/sh
# usage: sshproxy <external-dns-name> <gateway> <host> <port>
extdns=$1
gateway=$2
host=$3
port=$4
# local DNS domain, with the dots escaped for use in a regex
DOMAIN=`hostname -d|sed 's/\./\\\./g'`
# expanded unquoted below on purpose, so it splits into command + arguments
netcat="netcat -w1 $host $port"
if echo "$host" | grep -E "$DOMAIN$" >/dev/null ; then
    # we are already on the target network, no proxy needed
    exec $netcat
else
    if [ "x$host" = "x$gateway" ] ; then
        # we're connecting to the gateway. Take into account that its
        # external name is different from the name we call it by
        exec ssh -o "HostKeyAlias $gateway" "$extdns" $netcat
    else
        # we're going behind the gateway. Use the gateway as a hop to the
        # real destination.
        exec ssh "$gateway" $netcat
    fi
fi

This works great! But there's one drawback: at the end of every session,
a "Killed by signal 1." error is reported. This, of course, gives me a bad
feeling. BTW: the signal number varies, sometimes it is 1, sometimes it
is 2.

I can get rid of this error message by deleting the "exec" keywords from
the above script. But this effectively ignores the error.

So the question is: what causes this "Killed by signal X"? Is it some sort
of incompatibility between ssh and netcat? Or am I using ssh and/or netcat
in a way it was not designed for? Any ideas how to properly get rid of this
error?
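
Added example, not part of the original post: a stricter version of the script's "already on the target network" test. It matches only on a DNS label boundary and never matches when `hostname -d` returns nothing, so a name such as web.notdomain.name is not treated as local. The function names `in_domain` and `route` and the sample hosts are hypothetical.

```shell
#!/bin/sh
# Added example; in_domain and route are hypothetical names,
# not part of the posted sshproxy script.

# in_domain HOST DOMAIN
# Succeeds only if HOST equals DOMAIN or ends in ".DOMAIN".
# An empty DOMAIN (hostname -d printed nothing) never matches.
in_domain() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    h=${h%.}; d=${d%.}              # drop a trailing root dot
    [ -n "$d" ] || return 1
    case $h in
        "$d"|*."$d") return 0 ;;    # quoted, so dots are literal
        *) return 1 ;;
    esac
}

# route LOCAL_DOMAIN GATEWAY HOST
# Prints which branch of the wrapper would be taken:
#   direct  - netcat straight to HOST
#   gateway - HOST is the gateway itself, reached by its external name
#   hop     - go through the gateway to reach HOST
route() {
    if in_domain "$3" "$1"; then
        echo direct
    elif [ "$3" = "$2" ]; then
        echo gateway
    else
        echo hop
    fi
}

# Constructed sample: the local machine is inside domain.name.
for h in web.domain.name web.notdomain.name gateway.domain.name; do
    printf '%s -> %s\n' "$h" "$(route domain.name gateway.domain.name "$h")"
done
```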


