Thanks to all of you for your suggestions. I have finally solved it. Simplicity
is beauty and we can solve complex problem with simple tricks. I have modified
my self-designed sshmanager script to knock with fwknop if the remote host has
fwknop server.
Just see the configuration of .ssh/config
.ssh/config
````````````````````
Host example1
....
....
Host example2
#fwknop -A 22/tcp -R -D remoteserver.com
Hostname remoteserver.c
Host exampl3
.......
`````````````````````````````
Here is the function I have added in my sshmanager script
````````````````````````````
check_fwknop()
{
# Check if the Host is protected by fwknop by checking the next line
# Note: If you have fwknop configureation place it just next to Host
#(commented by # )
# at .ssh/config file
fwknop_status=`sed -n "/$ssh_Server/,+1 p" ~/.ssh/config \
|grep fwknop | sed -e 's/#//g'`
if [ ! -z "$fwknop_status" ]
then
echo `$fwknop_status` 1 > /dev/null
fi
}
`````````````````````````````````
The trick is, if the server has fwknop then add the fwknop configuration (
following #) at the next line of concerened Host name. The function check the
next line of Host and if it found fwknop there then execute it before doing ssh.
Simplicity is beauty.
On Fri, 24 Jul 2009 00:53:44 +0200
"Peter Valdemar M__rch (Lists)" <[email protected]> wrote:
> ProxyCommand is king.
>
> How about this in ~/.ssh/config:
>
> Host secret.server.com
> ProxyCommand /some/path/fwknopssh secretfwknopparam %h
> Host othersecret.server.com
> ProxyCommand /some/path/fwknopssh othersecret %h
>
> And then /some/path/fwknopssh being:
>
> #!/bin/bash
> param=$1
> host=$2
> # Do something with $param, e.g. run fwknop. I just:
> echo $param > /tmp/fwknop
> nc -w 1 $host 22
>
> I got the "secretfwknopparam" and "othersecret" to end up
> in /tmp/fwknop before logging in to the servers.
>
> Does that work for you?
>
> Peter
