{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Fickle 薄情 的问题《ssh tunnel for local (not remote) command executio》','https://www.manongdao.com/q-784031.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want to create a Linux shell (bash-) script which creates an SSH tunnel, runs a local command which uses that tunnel and finally closes the tunnel and the surrounding SSH connection.
To make this less difficult to explain consider there is a local SSH configuration to a host called 'remoteserver' containing a local private key without a password, so
ssh remoteserver -L 4444:targetserver:5555
would directly open a connection to the remote server and create a tunnel from the local port 4444 to a target server. And consider the local command would be localclient --port 4444, how would a script look like that opens the tunnel, executes the local command and closes the tunnel after the local client application is finished?
As it should be possible to keep other parallel ongoing SSH connections, I don't want something like sudo killall ssh.
You can try something like
The tunnel will close itself automatically after $TIMEOUT seconds. Note that using the
&is only valid with passwordless connections. Otherwise you need to use the-fflag of SSH.Alternatively,
will kill the tunnel just after
localclientexecutes. Note that this will not work with the-fflag because the process double forks.An
ssh-only solution (does not work for me)The second suggestion of @damienfrancois is adquate, but for some reason I did not like the idea of having to
killsomething.Also, I could not believe
sshhas no built-in mechanism for this. And indeed it has. This is how things should work:But for some reason, this did not work as expected for me: I first tried with something simple like
wfor theLocalCommandbut the-Nmade the command hang, so I usedsleep 0instead, which appeared to work.But when I inserted my actual network command, the result ran extremely slowly. Instead of finishing in less than one second, it took 40 seconds before even the start message appeared. I terminated the command after 20 minutes.
A pipe solution (works for me)
After some experimentation, this is what I now use:
where
keepalive.shon the remote side is this:The
sleep 0.5is needed to make (sort of) sure the tunnel is set up beforelocalclientstarts (and for a far-away or slowremoteserver, you may need a longer wait). The tunnel is terminated as soon aslocalclientfinishes because the shell terminates the pipe as soon as the second command closes its standard input.Is this better than @damienfrancois's solution? Depends.
The need for
keepalive.shis a clear drawback, but the way in which the tunnel is cleared away no matter how and whylocalclientterminates is cleaner.I need this in a
Makefilecontext and like the fact it fits on a single line.