[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssh-unix-dev
Subject:    Re: possibility of a RemoteCommand option in the ssh config file
From:       Ángel González <keisial () gmail ! com>
Date:       2016-09-28 21:19:19
Message-ID: 57EC33D7.8050904 () gmail ! com
[Download RAW message or body]

Paulmier wrote:
> Hi,
>
> About one year ago, someone (Simon Zack) asked about a RemoteCommand
> option.
>
> His question did not encounter a large amount of answers, maybe because
> Simon himself did not answer to a question from Darren Tucker about his use
> case ? However, I think I have a use case pretty close to Simon's one:
>
> Let's imagine a host named 'lxc.host.example.org', hosting many LXC
> containers named '<cont>.lxc.host.example.org'.
> With a RemoteCommand option, working pretty much the same as the
> ProxyCommand one, we could write something like:
>
> $ cat ~/.ssh/config
> Host host.lxc.example.org
>      RequestTTY force
>
> Host *.host.lxc.example.org
>      Hostname host.lxc.example.org
>      RemoteCommand lxc-attach -n %h --
>
> That way, we would be able to attach to containers, without the need to run
> sshd inside each container, by running:
>
> $ ssh mycontainer.host.lxc.example.org
>
> A bit of difference with the ProxyCommand behaviour, though: the %h macro
> should expand to the host that was requested on the cli; not the one
> specified with Hostname.
You should use %n for that.

I like your use case, although you could the same thing (in a more 
convoluted configuration)
using ForceCommand on the ssh key at the authorized_keys of

host.lxc.example.org


Cheers

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]