Posted 4 months ago · Active 4 months ago
Ask HN: Why is there no native SSH hook to run a local command before connecting
Tags: SSH, port knocking, configuration
Discussion (13 comments)
Besides the ProxyCommand approach, another way would be to define 'ssh' as a shell alias/function that does the port knocking first and then passes any parameters to the normal /usr/bin/ssh.
Or you could make your own 'ssh' shell script somewhere else on the filesystem that handles it for you.
Without making it an alias, would this shell script somewhere else be usable by the other applications from the question? If you can provide the specific path rather than the system looking for whatever ssh was installed, then maybe, but I don't know those specifics, which makes using the shell script have question marks.
4 months ago
You can write a script and put it in PATH
4 months ago
You could either put the script somewhere earlier within the PATH than wherever the normal ssh binary is, or manually export a new PATH with some other custom folder that comes first, which you could use to override anything, e.g. export PATH=/root/bin:$PATH
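The wrapper approach discussed in the comments above, as an added example that is not part of the thread: a function that resolves the target host with `ssh -G`, knocks only for listed hosts, then calls the real binary by absolute path. The `knock` client (from knockd), the port sequence and the host names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: an "ssh" wrapper that port-knocks before connecting.
# Assumptions (not from the thread): knockd's `knock` client, the port
# sequence, and the host names below are constructed placeholders.
REAL_SSH="${REAL_SSH:-/usr/bin/ssh}"   # absolute path avoids calling ourselves
KNOCK_CMD="${KNOCK_CMD:-knock}"
KNOCK_PORTS="${KNOCK_PORTS:-7000 8000 9000}"
KNOCK_HOSTS="${KNOCK_HOSTS:-bastion.example.com}"

# Ask the real ssh which host it would connect to. `ssh -G` prints the
# resolved configuration (after ~/.ssh/config aliases) without connecting.
resolve_host() {
    "$REAL_SSH" -G "$@" 2>/dev/null | awk '$1 == "hostname" { print $2; exit }'
}

# Succeeds only for hosts on the knock list, so other targets are untouched.
needs_knock() {
    for h in $KNOCK_HOSTS; do
        [ "$1" = "$h" ] && return 0
    done
    return 1
}

ssh_with_knock() {
    host=$(resolve_host "$@")
    if [ -n "$host" ] && needs_knock "$host"; then
        # Unquoted on purpose: each port is a separate argument.
        "$KNOCK_CMD" "$host" $KNOCK_PORTS ||
            echo "ssh wrapper: knock to $host failed" >&2
    fi
    "$REAL_SSH" "$@"
}

# As a script named "ssh" placed earlier in PATH, the body would end with:
#   ssh_with_knock "$@"
```

Programs that look up `ssh` through PATH pick up such a script; anything that calls the binary by a hardcoded absolute path bypasses it.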
Can't you use Match exec?
This is a fantastic answer. I'd never heard of the Match exec commands in SSH config. I'll have to play around with this - thank you!
Yea I would consider this very poorly documented, although I'm sure the authors would be quick to point out how dumb I am for even suggesting that.
I bet most ssh users don't even know about the -w option. It even supports layer2 tunnels!
And somehow https://wrongthink.link/posts/all-you-need-is-ssh/ does not even mention this use case.
I have to admit I'm not certain what use case the -w option serves. It seems like a fancy port forwarding?
4 months ago
It's funny how after using an app like ssh/awk/sed/grep for so many years and achieving so much functionality with it with some pretty "advanced" features is still but a scratch on the surface of actual abilities or what other people do with them. I'd wear it like a badge of honor if I ever created something so useful and universally used. To the point, I'd probably even use my initials in the name of the app too!
4 months ago
Check the section in the manpage for ssh(1) named: SSH-BASED VIRTUAL PRIVATE NETWORKS
4 months ago
Noticed these replies in my history... Personally I think sshtunnel is a lot more convenient most of the time.
4 months ago
This [1] is one way.
[1] - https://unix.stackexchange.com/questions/44307/can-ssh-confi...
4 months ago
OpenSSH was written by and is still maintained by those who adhere to The Unix Way. If you asked for this feature, they would probably tell you to just use a shell alias or function instead.