Do you need a certain shell program for Proxy Forwarding? - linux

I am trying to set up a secure proxy for my work. This article perm linksuggests I should be using SSH Tunnel + SOCKS Proxy Forwarding. Do I need to have access to a particular shell program on the server, or any shell program will do? I have bash, tcsh, and zsh available.
Long version of the question here.

You run ssh -D 9999 username#ip-address-of-ssh-server on your local machine. You don't need anything else on the remote end except a shell to login to. So bash, tcsh, or zsh is fine.
Once you run your ssh -D command, it's going to look just like you've ssh'ed to "ip-address-of-ssh-server" without the -D 9999 flag. You'll be in a shell and you'll see a command prompt on the remote machine. You can just leave it alone. You'll just need to setup your browser to use SOCKS proxy at localhost:9999.

Use bash because of its popularity/ubiquity. The majority of examples you'll find will use this syntax.
But ssh's feature set are independent of the shell used.

Related

Passing $PS1 over ssh

I couldnt find answer to this althougth there are many similar questions.I wanted to change colour of my linux command prompt based on the remote host i have ssh to.Since bash environment variables are not preserved over ssh,so how could i do this.There are hundreds of server i login everyday.So changing /.bashrc of each remote host is not possible.is there a way i can pullout a script which can be called each time ssh is done.Can someone please give in detail of which file and how it should be edited.gnome,openssh etc are not supprted.
during ssh execution,a new login shell was executed.
during shell login the *rc files are not executed,only *profile was executed.
so place your code in /etc/profile or ~/.bash_profile.
"Since bash environment variables are not preserved over ssh..."
man ssh
Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
“VARNAME=value” to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).

How to run shell script in another server in a script?

No where online can i find a way to run a shell script on a remote server from another script. This is for automation, so the script on the host machine will automatically trigger another script on a different server. The server that my script will ssh to will either have a password prompt or have RSA key pair set up
Thanks!
Just pass the command as an argument to ssh.
ssh someserver /path/to/some/script.bsh
Let's say you want to execute a script on node2 but you have your script on node1 file name of script is sp over location /home/user/sp. Simply
ssh node2 < /path-of-the-script-including-the-filename
Another way, using expect package.
Disclaimer: This you can use for testing environments since it has an
open password. but depends on your usecase
If your server does not have expect, you may add the package then. run the command. You can also put this command inside an .sh script.
expect -c 'spawn ssh user#10.11.12.13 "/path/to/my.sh"; expect "assword:"; send "Y0urp#ssw0rd\r"; interact'

pull a ssh results to variable

if I ssh to another linux env, and run a command that gives me a result, can I grab that ssh result and store it locally? I have a ksh script that run locally on one linux box right now, but I need to get some parameters from another linux box into that script.
Sure, ssh is a command just like any other, but this will be trickier if you want to ssh interactively and do it, but this could work:
var=$(ssh user#host command_with_output)
then $var will show the output of command_with_output
All this works best if ssh doesn't require a password as well

Is there any way to run a script on any SSH connect/disconnect?

I'd like to change my terminal color depending on ssh connected HOSTNAME.
I know how to modify the terminal, but how can I instrument ssh to add hooks?
I could wrap the ssh command with a shell function, or replace the binary, but its used as a dependency by other apps, and I would rather not do that.
You can use LocalCommand feature of OpenSSH when connecting to a remote server:
LocalCommand
Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed
with the user's shell. The following escape character substitutions will be performed: ‘%d’ (local user's home directory), ‘%h’ (remote host name), ‘%l’ (local host
name), ‘%n’ (host name as provided on the command line), ‘%p’ (remote port), ‘%r’ (remote user name) or ‘%u’ (local user name).
The command is run synchronously and does not have access to the session of the ssh(1) that spawned it. It should not be used for interactive commands.
This directive is ignored unless PermitLocalCommand has been enabled.
There is probably no easy way to execute a command when ending a connection with a remote server though apart from writing a ssh wrapper.
A Wrapper around SSH may be your best bet, even though you have discounted it. However almost every program lets you specify the 'ssh' command they use.
In my I own case I have a 'r' command to replace 'ssh' which performs account lookups (username and host aliases and DNS expansion without relying on the 'DNS resolver domain list', amoungst other things). These Are my notes to get various programs to call 'r' instead of 'ssh'.
scp
No config or environment variables, you must use option "-Sr"
scp -Sr ...
rsync
set environment variable
RSYNC_RSH="r -x"
unison
In ".unison/default.prf"
sshcmd = r
sshargs = -q -x
cssh
In ".clusterssh/config"
ssh=r
ssh_args= -x -o ConnectTimeout=10
multixterm
Use multixterm -xc "r %n" hostname...
vim netrw (file explorer)
Have it use the "rsync" command (set above)...
vim rsync://hostname/
OR for vim scp://hostname/...
In ".vimrc" configuration, redefine scp command to use.
let g:netrw_list_cmd="r USEPORT HOSTNAME ls -Fa1"
let g:netrw_scp_cmd="scp -Sr -q"
My 'r' script decodes all SSH arguments, I have seen used, and even handles very OLD "rsync" commands that placed more options AFTER the hostname! (Yes, I have been using this script a long time)

Inherit environment variable in ssh session?

I need to deal with a lot of remote machines, and each machine shares a global environment variable (
like CONTROLLER_IP). When I try to ssh to the remote machine, I would like to set the CONTROLLER_IP
according to current localhost setting. is there any way to make it happen?
Example:
In localhost host, I set ofc1=192.168.0.1, and ofc2=192.168.1.1
and I need to ssh to ofs1, ofs2.
I would like to do something like:
CONTROLLER_IP=$ofc1 ssh root#ofs1; CONTROLLER_IP=$ofc2 ssh root#ofs2
then I will get the CONTROLLER_IP setting in each ssh session.
(the code shown above does not work...)
In /etc/sshd_config on the server you can define the list of accepted environment variables using the AcceptEnv setting, and then you can send environment variables like this:
CONTROLLER_IP=$ofc1 ssh -o SendEnv=CONTROLLER_IP root#ofs1
But this seems a bit overkill for your purposes.
The alternative is to pass the variables in the remote command, like this:
ssh root#ofs1 "CONTROLLER_IP=$ofc1 somecmd"
Or if you run multiple remote commands then like this:
ssh root#ofs1 "export CONTROLLER_IP=$ofc1; cmd1; cmd2; cmd3; ..."
If you need to quote the value of the variable, you can do like this:
ssh root#ofs1 "CONTROLLER_IP='$ofc1' somecmd"
Try
ssh root#ofs1 "env CONTROLLER_IP=$ofc1 somescript"
(assuming $ofc1 is evaluated to some IP address like 12.234.56.178 without spaces or naughty characters)
or perhaps
ssh root#ofs1 "env CONTROLLER_IP='$ofc1' somescript"
if $ofc1 could contain spaces or naughty characters
where somescript is a script on the remote machine ofs1; if you want an interactive shell try
ssh root#ofs1 "env CONTROLLER_IP='$ofc1' /bin/bash"
At last, ssh is usually setting some environment variables (on the remote machine), notably the SSH_CONNECTION one. You could use it on the remote machine. Its third field is the IP address of the origin host (the one on which you do the ssh ...). So perhaps the .bashrc on the remote host might contain
if [ -n "$SSH_CONNECTION" ]; then
export CONTROLLER_IP=$(echo $SSH_CONNECTION|cut -f3 -d' ')
fi
better yet, replace the CONTROLLER_IP occurrences in your remote scripts with something using SSH_CONNECTION

Resources