Re: How to call a remote program through SSH tunnel and pass a local file as parameter?

From: Joachim Schipper (jDOTschipper_at_math.uu.nl)
Date: 02/05/05


Date: 05 Feb 2005 22:09:16 GMT


/dev/null <dev.null@beginthread.com> wrote:
>
> "Peter Meister" <pmeister2@lycos.com> wrote in message
> news:cu0qtu$eko$02$1@news.t-online.com...
>> Ok, If I would have the program on the local machine I could call this
>> from the command line
>> by a statement like
>>
>> myprog myfile.dat
>>
>> Unfortunately the program is on another machine installed. Between the two
>> machines there is an already successfully running SSH connection.
>>
>> How do I call in this scenario the remote program myprog and pass
>> the local file myfile.dat?
>>
>> cu
>> Peter
>
> It would be really cool if myprog accepts piped data (i.e. cat myfile.dat |
> myprog), then you can do this:
>
> cat myfile.dat | ssh remote_machine "cat | myprog"
>
> if it doesn't, give this a try and mod it as necessary:
>
> cat myfile.dat | ssh remote_machine "cat > ~/myfile.dat; myprog ~/myfile.dat"
>
> You'll definitely want rsa keys working if you do this sort of thing often,
> then there's no password prompt.

This is a good solution; however, there are two security-related
refinements/caveats to consider.

1) Symlink attacks, especially when operating as root (someone issues
ln -s /etc/passwd myfile.dat just before you try this as root... oops!
This is especially easy if you're writing to /tmp and not using GrSecurity)
[this is not really an issue when copying to $HOME, though, so it's more
of a caveat than a problem with the above]
2) Using ssh-agent, it is perfectly viable to have passphrases on your
keys. (Just run eval `ssh-agent` before using ssh, and it works fine.)
There are even scripts that will tunnel all the sessions over a single
connection (I believe fsh will do this), which also grants some speed
increase. Many people seem to think that rsa keys must be created
without passwords to allow passwordless logins.

The first could be taken care of by using a simple script like this:

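#!/bin/bash

# Save stdin to a fresh, unpredictably named temp file (mktemp creates the
# file itself, so a symlink planted in advance is not followed), then run
# the given command with that file as its last argument.
MYFILE=$(mktemp /tmp/myfile.XXXXXX) && \
    cat > "$MYFILE" && \
    "$@" "$MYFILE" || {
        echo "Some error occurred!" >&2
        exit 1
    }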

Some sophistications to this script include the ability to use something
like %f to include the file in your command line (use sed). This would
allow you to use

cat myfile | ssh ssh.some.host.com 'thisscript myprog'

or

cat myfile | ssh ssh.some.host.com 'thisscript myprog %f'

for the more sophisticated version. Of course, such simple solutions
don't address the case where you actually want to use stdin...

                        Joachim
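
The %f variant described in the post above, as an added example that is not part of the original post or the poster's own code: it uses shell parameter expansion instead of sed, so the temp path never passes through a sed replacement string. The function name run_with_stdin_file and the temp-file template are assumptions of this example; removing the temp file afterwards and returning the command's exit status go beyond the post's script.

```shell
#!/bin/sh
# Added example: stdin -> private temp file -> command, with %f substitution.
# run_with_stdin_file and the stdinfile.XXXXXX template are hypothetical names.

run_with_stdin_file() (
    [ "$#" -gt 0 ] || { echo "usage: thisscript command [args with %f]" >&2; exit 2; }

    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a symlink planted in advance at a guessed path
    # is never opened or followed.
    tmp=$(mktemp "${TMPDIR:-/tmp}/stdinfile.XXXXXX") || exit 1
    cat > "$tmp" || { rm -f "$tmp"; exit 1; }

    # Rebuild the argument list, replacing every literal %f with the path.
    found=0
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        out=
        while :; do
            case $arg in
                *%f*) out=$out${arg%%\%f*}$tmp; arg=${arg#*%f}; found=1 ;;
                *)    break ;;
            esac
        done
        set -- "$@" "$out$arg"
    done
    # No %f anywhere: append the file as the last argument, as in the post.
    [ "$found" -eq 1 ] || set -- "$@" "$tmp"

    # Run the command, then remove the temp file and pass the status through.
    status=0
    "$@" || status=$?
    rm -f "$tmp"
    exit "$status"
)

# Saved as a script and given arguments, behave like 'thisscript' in the post.
[ "$#" -eq 0 ] || run_with_stdin_file "$@"
```

Because the arguments are passed on as separate words and never re-parsed, a temp directory path containing spaces or shell metacharacters cannot change the command that runs.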


