Re: "automatic" port forwarding
From: Lucio Crusca (lcml_at_pixel.it)
Date: Fri, 25 Feb 2005 13:21:36 +0100
Andrew Schulman wrote:
> about this: Have your login script (not /bin/false) determine the
> dynamic port number and echo it back to the client, before it goes to
> sleep. So the client can log in twice. The first time it just logs in
> and reads the port number, then disconnects. Then it logs in a second
> time, this time with the right port forwarding installed (and discarding
> the port number that's echoed back to it again).
Sort of the first thing I tried before facing many problems that lead me to
seek for "automatic" port forwarding.
First problem (my ignorance): how do I read the echoed value on the client?
Suppose the shell script is
-- shellscript.sh --
-- end shellscript.sh --
-- client --
# Now we are logged into server, how do we read the echoed value?
Second problem: when the server chooses a port number, it actually allocates
it to the client.
Following the suggested application logic, each client would have 2
allocated ports at a time, but only 1 would work. There are certainly ways
to detect which one the client is listening (e.g. always the first one),
but the design is quite broken. For example, what if the second connection
fails? Will the next connection be the new second connection or a new first
connection? We can't tell.
My idea was to make the client call different scripts depending on the fact
that it was making the first or the second connection attempt, but this
requires the user to have a shell login on the server only to run those
scripts, which is not wise from a security perspective. Well, I could have
2 users, the first allocates the port, the second sleeps; still, I don't
know how to read the echoed value on the client. Any suggestion?