Voltago Advocate
Joined: 02 Sep 2003 Posts: 2593 Location: userland
Posted: Thu Nov 23, 2006 11:09 pm Post subject: SSH tunnel management script |
Hi all! I hacked together a script for managing ssh tunnels and thought I'd share it. Since right now I have better things to do with my time than hand-holding, try to fix problems with this script yourself if you encounter them.
Prerequisites: ssh client + a ssh server you can connect to via public key authentication.
Limitations: Remote and local ports have to have the same number for now. Error reporting is non-existent right now. You need to have public key authentication working to avoid the ssh password prompt.
Usage:
1. Put the script 'sshtunnel' (see further down) somewhere in your PATH and make it executable
2. Run sshtunnel to create initial config files
3. Create a profile: Copy ~/.sshtunnel/profiles/example to ~/.sshtunnel/profiles/yourprofile and fill in real parameters. Use ~/.sshtunnel/profiles/default for default values, which are overridden by profile values (even empty ones!).
4. Start a tunnel
Code: | sshtunnel start yourprofile |
5. Use the tunnel
6. Stop the tunnel
Code: | sshtunnel stop yourprofile |
A common usage for this tool (and indeed the reason why I wrote it) would be to get access to a firewalled license server to run a piece of software:
Code: | #!/bin/bash
sshtunnel start mathematica_profile || exit 1
sleep 1
mathematica
sshtunnel stop mathematica_profile |
And at last, the tool itself:
Code: | #!/bin/bash
#sshtunnel script
#last modified 2006/12/08
#consider this script in public domain, i. e. do with it whatever you want

#Kill the process with PID $1, but only if it is still an ssh process
#(the PID stored in the run file may have been reused by something else)
kill_ssh_pid()
{
    if ps -o comm= -p "$1" | grep -q 'ssh'; then
        kill "$1"
        return $?
    else
        return 1
    fi
}

CMD="$1"
PNAME="$2"
SVCDIR="$HOME/.sshtunnel"
PDIR="$SVCDIR/profiles/"
PROFILE="$PDIR/$PNAME"
RUN="$SVCDIR/run/$PNAME"

#First run: create the config directories, the defaults file and an example profile
if [ ! -f "$PDIR/default" ]; then
    echo "Creating configuration files in '$PDIR'..."
    mkdir -p "$PDIR"
    mkdir -p "$SVCDIR/run"
    cat << EOF > "$PDIR/default"
#Set default configuration values for the sshtunnel tool.
#Profile configurations override these settings.
GATEWAY=""
GATEWAY_USER=""
TARGET=""
PORT=""
EOF
    cat << EOF > "$PDIR/example"
#This is an example profile for the sshtunnel tool
#Put a '#' in front of parameters which shall be read from the 'default' file
#TARGET is a computer with a service you want to access
TARGET="some.machine.behind.firewall"
#GATEWAY is a computer that has a running ssh server and access to TARGET
GATEWAY="some.machine.you.can.access"
#GATEWAY_USER is the user account you need on the GATEWAY machine
GATEWAY_USER="your_account_on_gateway"
#PORT is the port of the service you want to access on TARGET computer
PORT="1701"
EOF
fi

#Reject unknown commands before looking at the profile
case "$CMD" in
    start);;
    stop);;
    status);;
    *)
        echo "Usage: sshtunnel start|stop|status PROFILE"
        exit 1
        ;;
esac

if [ ! -f "$PROFILE" ]; then
    echo "Tunnel profile '$PNAME' not found"
    exit 1
fi

case "$CMD" in
    start)
        if [ -f "$RUN" ]; then
            echo "Tunnel '$PNAME' is already open"
            exit 1
        fi
        #Both files are executed as shell code; profile values override the defaults
        source "$PDIR/default"
        source "$PROFILE"
        if [ -z "$GATEWAY" ]; then
            echo "Tunnel profile '$PNAME' has no GATEWAY set"
            exit 1
        fi
        if [ -z "$TARGET" ]; then
            echo "Tunnel profile '$PNAME' has no TARGET set"
            exit 1
        fi
        if [ -z "$PORT" ]; then
            echo "Tunnel profile '$PNAME' has no PORT set"
            exit 1
        fi
        if [ -z "$GATEWAY_USER" ]; then
            echo "Tunnel profile '$PNAME' has no GATEWAY_USER set"
            exit 1
        fi
        #Forward local PORT to TARGET:PORT via GATEWAY and remember the ssh PID
        nohup ssh -l "$GATEWAY_USER" -N -L "$PORT:$TARGET:$PORT" "$GATEWAY" &> /dev/null &
        PID="$!"
        echo "$PID" > "$RUN"
        ;;
    stop)
        if [ ! -f "$RUN" ]; then
            echo "Tunnel '$PNAME' is not open"
            exit 1
        fi
        PID="$(cat "$RUN")"
        #echo "PID: $PID"
        kill_ssh_pid "$PID"
        rm "$RUN"
        ;;
    status)
        echo -n "Tunnel '$PNAME' is "
        if [ -f "$RUN" ]; then
            echo "open"
        else
            echo "closed"
        fi
        ;;
    *)
        echo "Usage: sshtunnel start|stop|status PROFILE"
        ;;
esac |
Last edited by Voltago on Fri Dec 08, 2006 7:01 pm; edited 6 times in total |
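The script above loads profiles with `source`, so a profile file is executed as shell code, and its values reach the ssh command line unchecked. As an added example (not part of the original post), the following reads the same KEY="value" profile format as data and validates each value; the function names and the allowed character sets are assumptions.

```bash
# Added example, not from the thread: read a profile as data instead of
# sourcing it. Function names and allowed character sets are assumptions.

# Profile names must be plain file names so "$PDIR/$PNAME" stays inside $PDIR.
valid_profile_name() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}
# Host and user names: letters, digits, '.', '_', '-', and no leading '-',
# which ssh would read as an option. Empty is accepted because the script
# checks for unset values itself before starting the tunnel.
valid_name() {
    case $1 in
        -*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}
# Ports: empty, or a decimal number from 1 to 65535 without leading zeros.
valid_port() {
    case $1 in
        '') return 0 ;;
        0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}
# Set GATEWAY, GATEWAY_USER, TARGET and PORT from the KEY="value" lines of
# file $1. Fails on unknown keys, malformed lines and rejected values.
load_profile() {
    local line key value
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;             # blank line or comment
            *=*) ;;
            *) return 1 ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        value=${value#\"}; value=${value%\"} # strip one pair of double quotes
        case $key in
            GATEWAY)      valid_name "$value" && GATEWAY=$value ;;
            GATEWAY_USER) valid_name "$value" && GATEWAY_USER=$value ;;
            TARGET)       valid_name "$value" && TARGET=$value ;;
            PORT)         valid_port "$value" && PORT=$value ;;
            *)            false ;;
        esac || return 1
    done < "$1"
    return 0
}
```

Calling `load_profile` on the default file and then on the profile keeps the override order of the original script, including empty values overriding defaults.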
ryker Guru
Joined: 28 May 2003 Posts: 412 Location: Portage, IN
Posted: Fri Dec 08, 2006 3:22 pm Post subject: |
I think this script might be useful for me; however, I'm not sure how to use it. Step 1 references something called sshtunnel. At first I thought that was the name of your script; however, you mention grabbing the sshtunnel example profile. So I then assumed you meant a package called sshtunnel. Running 'emerge -s tunnel' shows 7 results, none of which are sshtunnel.
Where can I get sshtunnel? |
Voltago Advocate
Joined: 02 Sep 2003 Posts: 2593 Location: userland
Posted: Fri Dec 08, 2006 6:57 pm Post subject: |
Sorry, my post was a bit misleading in that respect. 'sshtunnel' is indeed the script printed above. |
thauer n00b
Joined: 28 Aug 2004 Posts: 22 Location: Switzerland
Posted: Mon Dec 11, 2006 4:16 pm Post subject: |
I found that the standard ssh config is quite adequate for the definition of these kinds of "profile"s. In your example you would have something like:
Code: | ~/.ssh/config:
[...]
Host mathematica_profile
    HostName <GATEWAY>
    User <GATEWAY_USER>
    LocalForward localhost:<PORT> <TARGET>:<PORT>
    ExitOnForwardFailure yes
[...] |
(Obviously one can have as many "profile" definitions in the ssh config as needed.)
Then you would start a tunnel like:
Code: | ssh -Nf mathematica_profile |
You can wrap it in a service to keep track of the PID if it's important that you can close it easily. Alternatively, of course, you can omit the -f option and kill the tunnel with Ctrl-C when you don't need it.
And if you need it for one program only then:
Code: | ssh -f mathematica_profile sleep 10; mathematica |
The tunnel is kept open for at least 10 seconds but will stay open as long as mathematica needs it. |
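For the case in the post above where a backgrounded tunnel must be closed again later, this added example (not from the thread) uses OpenSSH's control socket options (`-M`, `-S`, `-O check`, `-O exit`) instead of a stored PID, so stop and status talk to the actual ssh process. Profiles are the `Host` entries from `~/.ssh/config` shown above; the function names, the `SSHTUNNEL_RUNDIR` variable and the run directory are assumptions.

```bash
# Added example, not from the thread. Profiles are Host entries in
# ~/.ssh/config; the run directory and function names are assumptions.
RUNDIR="${SSHTUNNEL_RUNDIR:-$HOME/.sshtunnel/run}"

# Print the control socket path for a profile. Fails for names that are
# not plain Host aliases (empty, leading '-' or '.', or containing '/').
tunnel_socket() {
    case $1 in
        ''|-*|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    printf '%s/%s.sock\n' "$RUNDIR" "$1"
}

# Exit status 0 if a master ssh process answers on the profile's socket.
tunnel_status() {
    local sock
    sock=$(tunnel_socket "$1") || return 2
    ssh -S "$sock" -O check "$1" 2>/dev/null
}

tunnel_start() {
    local sock
    sock=$(tunnel_socket "$1") || return 2
    tunnel_status "$1" && return 0           # already open
    mkdir -p "$RUNDIR" && chmod 700 "$RUNDIR" || return 1
    rm -f "$sock"                            # stale socket of a dead master
    # -M: act as master on socket -S; -f -N: background, no remote command.
    # ExitOnForwardFailure makes ssh fail if the local port cannot be bound.
    ssh -M -S "$sock" -o ExitOnForwardFailure=yes -f -N "$1"
}

# Ask the master process to exit; this closes the forward and the socket.
tunnel_stop() {
    local sock
    sock=$(tunnel_socket "$1") || return 2
    ssh -S "$sock" -O exit "$1" 2>/dev/null
}
```

Because the socket directory is created with mode 700, only the owning user can reach the control socket and the tunnel behind it.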
Voltago Advocate
Joined: 02 Sep 2003 Posts: 2593 Location: userland
Posted: Mon Dec 11, 2006 5:20 pm Post subject: |
Nice. Didn't know this, thanks. |
nadavraj n00b
Joined: 17 Dec 2006 Posts: 1
Posted: Sun Dec 17, 2006 9:41 pm Post subject: Hi |
10X ! |