Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SSH tunnel management script
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks
View previous topic :: View next topic  
Author Message
Voltago
Advocate
Advocate


Joined: 02 Sep 2003
Posts: 2538
Location: In the city of the dreaming spires

PostPosted: Thu Nov 23, 2006 11:09 pm    Post subject: SSH tunnel management script Reply with quote

Hi all! I hacked together a script for managing ssh tunnels and thought I'd share it. Since right now I have better things to do with my time than hand-holding, try to fix problems with this script yourself if you encounter them.

Prerequisites: ssh client + a ssh server you can connect to via public key authentication.
Limitations: Remote and local ports have to have the same number for now. Error reporting is non-existing right now. You need to have public key authentication working to avoid the ssh password prompt.

Usage:
1. Put the script 'sshtunnel' (see further down) somewhere in your PATH and make it executable
2. Run sshtunnel to create initial config files
2. Create a profile: Copy ~/.sshtunnel/profiles/example to ~./sshtunnel/profiles/yourprofile and fill in real parameters. Use ~/.sshtunnel/profiles/default for default values, which are overridden by profile values (even empty ones!).
3. Start a tunnel
Code:
sshtunnel start yourprofile

4. Use the tunnel
5. Stop the tunnel
Code:
sstunnel stop yourprofile


A common usage for this tool (and indeed the reason why I wrote it) would be to get access to a firewalled license server to run a piece of software:
Code:
#!/bin/bash
sshtunnel start mathematica_profile || exit 1
sleep 1
mathematica
sshtunnel stop mathematica_profile


And at last, the tool itself:
Code:
#!/bin/bash
#sshtunnel script
#last modified 2006/12/08
#consider this script in public domain, i. e. do with it whatever you want

kill_ssh_pid()
{
   ps --format comm $1 | grep -q 'ssh'
   if [ $? ]; then
      kill $1
      return $?
   else
      return 1
   fi
}

CMD="$1"
PNAME="$2"
SVCDIR="$HOME/.sshtunnel"
PDIR="$SVCDIR/profiles/"
PROFILE="$PDIR/$PNAME"
RUN="$SVCDIR/run/$PNAME"

if [ ! -f "$PDIR/default" ]; then
   echo "Creating configuration files in '$PDIR'..."
   mkdir -p "$PDIR"
   mkdir -p "$SVCDIR/run"
   cat << EOF > $PDIR/default
#Set default configuration values for the sshtunnel tool.
#Profile configurations override these settings.

GATEWAY=""
GATEWAY_USER=""
TARGET=""
PORT=""
EOF


   cat << EOF > "$PDIR/example"
#This is an example profile for the sshtunnel tool
#Put a '#' in front of parameters which shall be read from the 'default' file

#TARGET is a computer with a service you want to access
TARGET="some.machine.behind.firewall"

#GATEWAY is a computer that has a running ssh server and access to TARGET
GATEWAY="some.machine.you.can.access"

#GATEWAY_USER is the user account you need on the GATEWAY machine
GATEWAY_USER="your_account_on_gateway"

#PORT is the port of the service you want to access on TARGET computer
PORT="1701"
EOF
fi

case "$CMD" in
   start);;
   stop);;
   status);;
   *)
   echo "Usage: sshtunnel start|stop|status PROFILE"
   exit 1
   ;;
esac

if [ ! -f "$PROFILE" ]; then
   echo "Tunnel profile '$PNAME' not found"
   exit 1
fi

case "$CMD" in
   start)
if [ -f "$RUN" ]; then
   echo "Tunnel '$PNAME' is already open"
   exit 1
fi

source "$PDIR/default"
source "$PROFILE"

if [ -z "$GATEWAY" ]; then
        echo "Tunnel profile '$PNAME' has no GATEWAY set"
        exit 1
fi

if [ -z "$TARGET" ]; then
        echo "Tunnel profile '$PNAME' has no TARGET set"
   exit 1 
fi

if [ -z "$PORT" ]; then
   echo "Tunnel profile '$PNAME' has no PORT set"
   exit 1
fi

if [ -z "$GATEWAY_USER" ]; then
        echo "Tunnel profile '$PNAME' has no GATEWAY_USER set"
   exit 1
fi

nohup ssh -l $GATEWAY_USER -N -L $PORT:$TARGET:$PORT $GATEWAY &> /dev/null &
PID="$!"

echo "$PID" > "$RUN"
;;
   stop)
if [ ! -f "$RUN" ]; then
   echo "Tunnel '$1' is not open"
   exit 1
fi

PID="`cat $RUN`"
#echo "PID: $PID"
kill_ssh_pid "$PID"
rm "$RUN"

;;
   status)
   echo -n "Tunnel '$PNAME' is "
   if [ -f "$RUN" ]; then
      echo "open"
   else
      echo "closed"
   fi
   ;;

   *)
   echo "Usage: sshtunnel start|stop|status PROFILE"
;;
esac


Last edited by Voltago on Fri Dec 08, 2006 7:01 pm; edited 6 times in total
Back to top
View user's profile Send private message
ryker
Guru
Guru


Joined: 28 May 2003
Posts: 412
Location: Portage, IN

PostPosted: Fri Dec 08, 2006 3:22 pm    Post subject: Reply with quote

I think this script might be useful for me; however, I'm not sure how to use it. Step 1 references something called sshtunnel. At first I thought that was the name of your script; however, you mention grabbing the sshtunnel example profile. So I then assumed you meant a package called sshtunnel. Running 'emerge -s tunnel' shows 7 results, none of which are sshtunnel.
Where can I get sshtunnel?
_________________
Athlon 64 3200+, 80G WD sata hd + 200G IDE, 1G Geil DDR400, MSI K8T Neo
IntelCore2Duo 2.0Ghz MSI laptop,100G SATA hd, 2G RAM
Back to top
View user's profile Send private message
Voltago
Advocate
Advocate


Joined: 02 Sep 2003
Posts: 2538
Location: In the city of the dreaming spires

PostPosted: Fri Dec 08, 2006 6:57 pm    Post subject: Reply with quote

Sorry, my post was a bit misleading in that respect. 'sshtunnel' is indeed the script printed above.
Back to top
View user's profile Send private message
thauer
n00b
n00b


Joined: 28 Aug 2004
Posts: 22
Location: Switzerland

PostPosted: Mon Dec 11, 2006 4:16 pm    Post subject: Reply with quote

I found that the standard ssh config is quite adequate for the definition of these kind of "profile"s. In your example you would have something like:
Code:
~/.ssh/config:
[...]
Host mathematica_profile
  HostName             <GATEWAY>
  User                 <GATEWAY_USER>
  LocalForward         localhost:<PORT> <TARGET>:<PORT>
  ExitOnForwardFailure yes
[...]
(Obviously one can have as many "profile" definitions in the ssh config as needed) Then you would start a tunnel like:
Code:
ssh -Nf mathematica_profile
You can wrap it in a service to keep track of the PID if it's important that you can close it easily. Alternatively, of course, you can omit the -f option and kill the tunnel with Ctrl-C when you don't need it.
And if you need it for one program only then:
Code:
ssh -f mathematica_profile sleep 10; mathematica
The tunnel is kept open until 10 seconds minimum but will stay open as long as mathematica needs it.
Back to top
View user's profile Send private message
Voltago
Advocate
Advocate


Joined: 02 Sep 2003
Posts: 2538
Location: In the city of the dreaming spires

PostPosted: Mon Dec 11, 2006 5:20 pm    Post subject: Reply with quote

Nice. Didn't know this, thanks.
Back to top
View user's profile Send private message
nadavraj
n00b
n00b


Joined: 17 Dec 2006
Posts: 1

PostPosted: Sun Dec 17, 2006 9:41 pm    Post subject: Hi Reply with quote

10X ! :)
_________________
Funny Cats
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Documentation, Tips & Tricks All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum