6

Quite a while ago I got an answer telling me how to add a port-forwarding on a running SSH ControlMaster process. To know that helps a lot, but I'm still missing a way to remove such a port forwarding after I don't need that anymore.

As far as I know, you can do that through the internal command key sequence on normal connections, this seems to be disabled for ControlMaster clients. Even if that would be possible I would need a solution which I can automatize with scripts, which is surely not so easy this way.

Is there a way to do it? And is it easily automatizable?

Community
  • 1
aef
  • 1,705
  • 4
  • 24
  • 41

1 Answers1

6

As my previous answer notes, the ssh man page explains the -O ctl_cmd in detail, where ctl_cmd is one of check, forward, cancel, or exit.

-O ctl_cmd
        Control an active connection multiplexing master process.  When the -O option is
        specified, the ctl_cmd argument is interpreted and passed to the master process.
        Valid commands are: “check” (check that the master process is running), “forward”
        (request forwardings without command execution), “exit” (request the master to
        exit), and “stop” (request the master to stop accepting further multiplexing
        requests).

You can use the ctl_cmd's to accomplish the automation you want for your scripts. You'll need to first create a ControlMaster socket with the -S like and ssh to the remotehost like this:

ssh -v -M -S/tmp/controlmaster-remotehost remotehost

and then from your local machine you can forward and cancel ports as you like. You can forward multiple ports with one command:

ssh -O forward -S/tmp/controlmaster-remotehost -L5555:localhost:22 -L3333:localhost:22 remotehost

and/or handle them one at a time:

ssh -O cancel  -S/tmp/controlmaster-remotehost -L5555:localhost:22 remotehost
ssh -O cancel  -S/tmp/controlmaster-remotehost -L3333:localhost:22 remotehost

I created a gist with a side-by-side session showing the ssh -O ctl_cmd in action; with port forward/cancel from localhost on the left side, and the output of ssh connected to remotehost on the right side:

https://gist.github.com/raw/4265549/999d90b8f85190a41eed00e4d60d5d22da6c67b9/ssh-controlmaster-side-by-side.log

These commands are only available as of OpenSSH 6.0:

 * ssh(1): support for cancelling local and remote port forwards via the
   multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
   to request the cancellation of the specified forwardings
 * support cancellation of local/dynamic forwardings from ~C commandline

If you have an earlier version you'll need to upgrade. If you're on Mac OS X you can install macports and then upgrade using: sudo port install openssh which will install it into /opt/local/bin.

Community
  • 1
aculich
  • 3,520
  • 1
  • 25
  • 33
  • In OpenSSH 5.8p1 the `cancel` command seems not to be existent. When trying to use it on an active ControlMaster process I'm getting the following message: `Invalid multiplex command.` – aef Dec 12 '12 at 14:42
  • 1
    6.0p1 seems to be the first version which supports that command. It's not available on my current OS. – aef Dec 12 '12 at 15:36
  • Yes, you're right it's only available in version 6.0p1 and above. I assume you're using Mac OS X, in which case you can get the newer version with macports. I'll update my answer with the info. – aculich Dec 15 '12 at 06:00
  • Actually I'm running Ubuntu 11.10 and don't trust the updater, nor seems that version to be available through backports. I guess I have to reinstall my system sometime soon. – aef Dec 15 '12 at 15:22
  • Why don't you trust the Ubuntu updater? I have consistently good experiences with it. I think it's a good idea to do a fresh re-install anyway so then you get the advantage of doing an LVM-based install in 12.10 which is a good thing. – aculich Dec 15 '12 at 17:10