Re: Creating dynamic tunnels using bash script (cygwin/solaris)
- From: "Wences" <wgrillo@xxxxxxxxx>
- Date: 5 Oct 2006 04:17:09 -0700
Hi,
if you can get this to work:
then perhaps you could prepare a file like this, and give it
ssh solaris "command to figure out what port you want"
ssh -L5900:localhost:thatport solaris
execution permissions:
------------------------------------------------------------
#!/bin/bash
port=$( ssh solaris "command to print out the port number (and nothing
else)" )
ssh -L 5900:localhost:$port solaris
------------------------------------------------------------
This would require the user to login twice with his shell user and
pass, and then with his VNC pass, but with a bit more of work you might
turn it into a script that asks for the user and pass and uses them
twice.
Hope it helps:
Wences
galmok@xxxxxxxxx wrote:
Todd H. skrev:
galmok@xxxxxxxxx writes:
I am trying to create a tunnel via ssh from cygwin to solaris. Normally
I would do something like this (cygwin is my windows box having cygwin
installed and solaris is a solaris based server):
cygwin$ ssh -L5900:localhost:5900 solaris
My problem is that the destination port is unknown at the time I create
the ssh call. Only once I have logged in on solaris can I determine the
destination port.
Why is that? What is it you're forwarding? Perhaps there's another
way to go about it.
A VNC connection. Considering the user doesn't always know in advance
which port their vnc connection runs on, a script to find their display
has been created. And since it is possible to create port forwarding
dynamically using the escape commands, I wanted to create a
user-friendly way for users to launch a viewer to their vnc session.
Sequence of actions: Double-click icon, enter ssh password, enter vnc
password, ready to use.
Does anyone out there have a suggestion/solution?
The easiest way of course would be
ssh solaris "command to figure out what port you want"
ssh -L5900:localhost:thatport solaris
If typing the password becomes a chore, switch to public key auth and
use ssh-agent first to load your key into memory. After that, ssh
commands to solaris would pop through without a password prompt which
is kinda fun.
Yes, I have setup such a system (ssh-agent) for myself but can't expect
my users to do the same. Also, we have no control over the password (if
any) they chose to put on their local key. If they loose their laptop,
an intruder would have an easy time logging on to our system. And the
user would probably not inform us about the loss of their laptop and if
they ssh key was without a password.
But solaris prevents any stdout being sent back when a tty allocation
is forced. That is a huge showstopper. Also, the local cygwin openssh
client manages to redirect stdin from the pipe to the keyboard when
"~C" is sent via the pipe to ssh, making it difficult to enter
information to create the pipe.
I guess I may be able to use forward a fixed port for a particular user
(making sure each user has their own remote port) and have them make a
tunnel on the remote host to the desired port. Problem is that it
requires double the ports on the server and an tunnel program. It would
be nicer if dynamic port allocation could be programmatically achived
(contrary to interactive only as it is now).
.
- Follow-Ups:
- References:
- Prev by Date: Re: Creating dynamic tunnels using bash script (cygwin/solaris)
- Next by Date: Re: Creating dynamic tunnels using bash script (cygwin/solaris)
- Previous by thread: Re: Creating dynamic tunnels using bash script (cygwin/solaris)
- Next by thread: Re: Creating dynamic tunnels using bash script (cygwin/solaris)
- Index(es):
Relevant Pages
|
