SSH LocalCommand

Well, in my constant pursuit of improving what can be done with ssh, I achieved a milestone that I've been wanting for a while now.

This afternoon I was able to get the ssh command's "LocalCommand" option to automatically execute the specified command after successfully authenticating to the remote system. This means that I can issue a single ssh command that will both 1) connect to the remote system with port forwarding and 2) launch rdesktop connecting to the forwarded port.

The following command will 1) ssh to bastionHost forwarding (local) traffic to the locally bound aaa.bbb.ccc.ddd IP and port 3389 to the remote aaa.bbb.ccc.ddd IP and port 3389, and 2) automatically launch a rdesktop connection to aaa.bbb.ccc.ddd port 3389 after successfully logging in. Once I close rdesktop, the ssh connection automatically exists. (Note: The ssh connection has already executed the "exit" command, but staying open because the port forwarding is in use.) See SSH local port forwarding ... Anycast Style for more details on anycast style port forwarding.

#[user@client:~]$ ssh -L aaa.bbb.ccc.ddd:3389:aaa.bbb.ccc.ddd:3389 -o LocalCommand="rdesktop aaa.bbb.ccc.ddd &" bastionHost exit
Autoselected keyboard map en-us

So, I could put together a script like this to make RDPing to aaa.bbb.ccc.ddd (or a name that resolves to that IP) a bit easier.

ip addr add aaa.bbb.ccc.ddd/32 dev lo
ssh -L aaa.bbb.ccc.ddd:3389:aaa.bbb.ccc.ddd:3389 -o LocalCommand="rdesktop aaa.bbb.ccc.ddd &" bastionHost exit
ip addr delete aaa.bbb.ccc.ddd/32 dev lo

Why would I want to do this? Good question. Here's what I believe to be a good answer. - In my day job, I support multiple systems in a nested star topology network, (effectively) with out routes between them. That means that I have to hop system to system to system to get to where I ultimately want to be to work on the problem at hand. Some of what I do can be accessed through a SOCKS server, but that has it's own issues, not the least of which are that not all programs play well with SOCKS, either directly or indirectly. Most notably: Citrix ICA client, Dell KVM client, RSA / IMM cards. Further, I have some other programs that I have to periodically run that fail in some weird way with SOCKS. - Don't get me wrong, I really do like SOCKS and what it can do when used properly. - However, SOCKS is not the end all be all answer for the environment that I'm supporting.

Instead, I have found that using the SSH local port forwarding ... Anycast Style works quite well. Especially when dealing with the clients that don't like SOCKSification. So, I simply bind the remote IP address locally, then all the problem programs have to do is use classic IP routing to connect to the IP in question, which is bound locally, and SSH forwards the traffic to the remote end, where ever it may be.

Now, rather than having to manually set this up and have more windows open in the background / minimized, I can simply run a script with the three lines above to ""RDP to the remote IP. Naturally, I'll put this script in my ~/bin directory, which is in my path, so all I have to do is open an xterm and run the script and let it take care of things for me.

See also:
SSH local port forwarding ... Anycast Style