Mailing List Archive

can sshclient execute a local command ?
Hello list,

I have openssh-client 1:5.1p1-5+b1 installed in my debian box. I have remote ssh information stored in my .ssh/config file.
I have protected one remote ssh by fwknop. When I need ssh login to that particular server I have to open the port with the fwknop client installed in my local box. Is there any option in sshclient so that it can execute a local command (here the fwknop, obviously) before doing ssh to that remote server?

Thanks
Re: can sshclient execute a local command ? [ In reply to ]
On Tuesday 21 July 2009 12:29:44 J. Bakshi wrote:
> Hello list,
>
> I have openssh-client 1:5.1p1-5+b1 installed in my debian box. I have
> remote ssh information stored in my .ssh/config file. I have protected one
> remote ssh by fwknop. When I need ssh login to that particular server I have
> to open the port with fwknop client installed in my local box. Is there any
> option in sshclient so that it can execute a local command ( here the
> fwknop obviously ) before doing ssh to that remote server ?
>
> Thanks

You can do something like that by defining an alias in /etc/bashrc:

alias ssh="function dossh { fwknop -A \"tcp/22\" -s -D \"\$1\"; /usr/bin/ssh -l myuser \"\$1\"; }; dossh "

Then: ssh myhost

Moreover, for more complex expressions, you can add the user parameter as
$2, add ifs if you want, or even use $@ and extract the hostname from the
parameters to use it on fwknop and use the rest of the arguments on -A and the
ssh command.


--
Ing. Aaron G. Mizrachi P.

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1
Re: can sshclient execute a local command ? [ In reply to ]
On Wed, 22 Jul 2009 01:27:14 -0430
Aarón Mizrachi <unmanarc@gmail.com> wrote:

> On Tuesday 21 July 2009 12:29:44 J. Bakshi wrote:
> > Hello list,
> >
> > I have openssh-client 1:5.1p1-5+b1 installed in my debian box. I
> > have remote ssh information stored in my .ssh/config file. I have
> > protected one remote ssh by fwknop. When I need ssh login to that
> > particular server I have to open the port with fwknop client
> > installed in my local box. Is there any option in sshclient so that
> > it can execute a local command ( here the fwknop obviously ) before
> > doing ssh to that remote server ?
> >
> > Thanks
>
> You can do something like that defining some alias on /etc/bashrc
>
> alias ssh="function dossh { fwknop -A \"tcp/22\" -s -D
> \$1; /usr/bin/ssh -l myuser \$1; }; dossh "
>
> Then: ssh myhost
>
> Moreover... for more complex expressions... you can add the user
> parameter as $2, add if's if you want, or even use the $@ and extract
> the hostname from the parameters to use it on fwknop and use the rest
> of the argument on -A and ssh command.
>
>

Well, using the alias is a brilliant idea, but I have multiple hosts and they have different fwknop encryption passwords. That's why I stored all the server info in the .ssh/config file. It would be helpful if ssh could execute a local command for an individual host prior to its connection attempt.
Re: can sshclient execute a local command ? [ In reply to ]
Perhaps this approaches what you're trying to do:

http://code.google.com/p/ssh-fwknop/


--
+----------------------+
| Tim Walberg |
| 830 Carriage Dr. |
| Algonquin, IL 60102 |
| twalberg@comcast.net |
+----------------------+
Re: can sshclient execute a local command ? [ In reply to ]
On Thu, 23 Jul 2009 12:16:46 -0500
Tim Walberg <twalberg@comcast.net> wrote:

> Perhaps this approaches what you're trying to do:
>
> http://code.google.com/p/ssh-fwknop/

Thanks, a nice wrapper.
It will help me to a great extent.
Many many thanks.


Re: can sshclient execute a local command ? [ In reply to ]
On Jul 23, 2009, at 12:51 AM, J. Bakshi wrote:

> well, using the alias is a brilliant idea, but I have multiple hosts
> and they have different fwknop encryption password. That's why I
> stored all the server info at .ssh/config file. It would be helpful
> if ssh can execute local command for individual host prior to its
> connection attempt.


the unix philosophy is "do one thing and do it well". the shell is the
traditional place to handle glue problems like this. e.g., if only one
of your servers needs to be fwknop'd first, something like this:

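#!/bin/sh
# knock first, but only for the one protected server
test "$1" = sekrit.server && fwknop ...
# pass every argument through to the real client unchanged
/usr/bin/ssh "$@"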

fill in the server and the fwknop params, name it "ssh", and put it
somewhere ahead of /usr/bin in your PATH.
--
Aaron Davies
aaron.davies@gmail.com
Re: can sshclient execute a local command ? [ In reply to ]
ProxyCommand is king.

How about this in ~/.ssh/config:

Host secret.server.com
    ProxyCommand /some/path/fwknopssh secretfwknopparam %h
Host othersecret.server.com
    ProxyCommand /some/path/fwknopssh othersecret %h

And then /some/path/fwknopssh being:

#!/bin/bash
param=$1
host=$2
# Do something with $param, e.g. run fwknop. I just:
echo "$param" > /tmp/fwknop
nc -w 1 "$host" 22

I got the "secretfwknopparam" and "othersecret" to end up in /tmp/fwknop
before logging in to the servers.

Does that work for you?

Peter
--
Peter Valdemar Mørch
http://www.morch.com
Re: [SOLVED] can sshclient execute a local command ? [ In reply to ]
Thanks to all of you for your suggestions. I have finally solved it. Simplicity is beauty and we can solve complex problems with simple tricks. I have modified my self-designed sshmanager script to knock with fwknop if the remote host has an fwknop server.

Just see the configuration of .ssh/config

.ssh/config
````````````````````
Host example1
....
....


Host example2
#fwknop -A 22/tcp -R -D remoteserver.com
Hostname remoteserver.c

Host exampl3
.......
`````````````````````````````

Here is the function I have added in my sshmanager script

````````````````````````````
check_fwknop()
{
    # Check if the Host is protected by fwknop by checking the next line.
    # Note: if you have an fwknop configuration, place it just below Host
    # (commented out with #) in the .ssh/config file.
    # $ssh_Server is set elsewhere in the sshmanager script.

    fwknop_status=`sed -n "/$ssh_Server/,+1 p" ~/.ssh/config \
        | grep fwknop | sed -e 's/#//g'`

    if [ -n "$fwknop_status" ]
    then
        # Run the extracted fwknop command line and discard its output
        $fwknop_status > /dev/null
    fi
}
`````````````````````````````````

The trick is, if the server has fwknop then add the fwknop configuration (following #) on the line right after the concerned Host name. The function checks the line after Host and, if it finds fwknop there, executes it before doing ssh.

Simplicity is beauty.



On Fri, 24 Jul 2009 00:53:44 +0200
"Peter Valdemar Mørch (Lists)" <4ux6as402@sneakemail.com> wrote:

> ProxyCommand is king.
>
> How about this in ~/.ssh/config:
>
> Host secret.server.com
> ProxyCommand /some/path/fwknopssh secretfwknopparam %h
> Host othersecret.server.com
> ProxyCommand /some/path/fwknopssh othersecret %h
>
> And then /some/path/fwknopssh being:
>
> #!/bin/bash
> param=$1
> host=$2
> # Do something with $param, e.g. run fwknop. I just:
> echo $param > /tmp/fwknop
> nc -w 1 $host 22
>
> I got the "secretfwknopparam" and "othersecret" to end up
> in /tmp/fwknop before logging in to the servers.
>
> Does that work for you?
>
> Peter