Ask HN: Why is there no native SSH hook to run a local command before connecting
6 points by tetris11 4 months ago | 13 comments
The `LocalCommand` parameter only runs a command on the local machine after the connection is established.

Is there no pre-connection hook?

My use case is simply that I do port knocking to expose my ssh port, and want this working automatically at the SSH config level so that I can use it transparently from other utilities (e.g. Ansible inventory, Emacs over TRAMP).



Besides the ProxyCommand approach, another way would be to define 'ssh' as a shell alias/function that does the port knocking first and then passes any parameters to the normal /usr/bin/ssh.

Or you could make your own 'ssh' shell script somewhere else on the filesystem that handles it for you.


Without making it an alias, would this shell script somewhere else be usable by the other applications from the question? If you can provide the specific path rather than the system looking for whatever ssh was installed, then maybe, but I don't know those specifics, which makes using the shell script have question marks.


You could either put the script somewhere earlier within the PATH than wherever the normal ssh binary is, or manually export a new PATH with some other custom folder that comes first, which you could use to override anything, e.g. `export PATH=/root/bin:$PATH`


You can write a script and put it in PATH.
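
The wrapper-in-PATH approach from the comments above, as an added example (not code posted by anyone in the thread). It assumes the `knock` client from knockd is installed; the host name, port sequence and variable names are constructed placeholders.

```sh
#!/bin/sh
# Added example: save as "ssh" in a directory that precedes /usr/bin in PATH.
# Constructed placeholders: host name, port sequence, and the variable names.
# Assumes the `knock` client that ships with knockd is installed.

REAL_SSH="${REAL_SSH:-/usr/bin/ssh}"              # absolute path, so the wrapper never calls itself
KNOCK_BIN="${KNOCK_BIN:-knock}"
KNOCK_HOSTS="${KNOCK_HOSTS:-bastion.example.net}" # space-separated resolved host names
KNOCK_PORTS="${KNOCK_PORTS:-7000 8000 9000}"

# Let the real client apply ssh_config (Host aliases, HostName) and report
# the host it would actually connect to; `ssh -G` prints the config and exits.
resolve_host() {
    "$REAL_SSH" -G "$@" 2>/dev/null | awk '$1 == "hostname" { print $2; exit }'
}

# True when the resolved host is on the list of hosts that sit behind a knock.
needs_knock() {
    for h in $KNOCK_HOSTS; do
        [ "$1" = "$h" ] && return 0
    done
    return 1
}

knock_then_ssh() {
    target=$(resolve_host "$@")
    if [ -n "$target" ] && needs_knock "$target"; then
        # KNOCK_PORTS is left unquoted on purpose: one argument per port.
        "$KNOCK_BIN" "$target" $KNOCK_PORTS ||
            echo "ssh wrapper: knock to $target failed, connecting anyway" >&2
    fi
    "$REAL_SSH" "$@"
}

# Run only when installed under the name "ssh"; otherwise just define the functions.
case "${0##*/}" in
    ssh) knock_then_ssh "$@"; exit $? ;;
esac
```

Programs that find `ssh` through PATH pick the wrapper up; anything that calls `/usr/bin/ssh` by absolute path or speaks SSH through a library does not.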


OpenSSH was written by and is still maintained by those who adhere to The Unix Way. If you asked for this feature, they would probably tell you to just use a shell alias or function instead.



Can't you use Match exec?


This is a fantastic answer. I'd never heard of the Match exec commands in SSH config. I'll have to play around with this - thank you!


Yea I would consider this very poorly documented, although I'm sure the authors would be quick to point out how dumb I am for even suggesting that.

I bet most ssh users don't even know about the -w option. It even supports layer2 tunnels!

And somehow https://wrongthink.link/posts/all-you-need-is-ssh/ does not even mention this use case.


I have to admit I'm not certain what use case the -w option serves. It seems like a fancy port forwarding?


It's funny how after using an app like ssh/awk/sed/grep for so many years and achieving so much functionality with it with some pretty "advanced" features is still but a scratch on the surface of actual abilities or what other people do with them. I'd wear it like a badge of honor if I ever created something so useful and universally used. To the point, I'd probably even use my initials in the name of the app too!


Check the section in the manpage for ssh(1) named: SSH-BASED VIRTUAL PRIVATE NETWORKS


Noticed these replies in my history... personally I think sshtunnel is a lot more convenient most of the time.



