How can I make a one-shot sshd process?

1

I'm trying to find some invocation of sshd (OpenSSH on Ubuntu) that accepts only one connection, and then terminates the sshd process when that one connection closes.

I see nothing in the sshd docs that would indicate that this is intrinsically possible, so I was thinking that it might be possible to rig up nc as a one-shot proxy, but that doesn't seem to solve the problem where the sshd process continues running after the connection has closed.

Anyone have any ideas?

ipmcc

Posted 2015-11-19T17:05:03.473

Reputation: 123

Sounds awfully XY-ish. What are you actually trying to achieve?

– Daniel B – 2015-11-19T17:15:04.537

Running sshd on an instance in a cluster and connecting to it. On this cluster job/instance lifecycle is tied to the lifetime of the launched process. I want to spawn the instance, connect to it once, and then have it automatically die when the client disconnects. I guess the "only one connection" thing isn't strictly required, but, the bottom line is that the sshd process needs to die when the last client connection goes away. – ipmcc – 2015-11-19T17:21:13.393

Answers

3

Running sshd in debug mode makes it accept only one connection and then quit, as stated in the manual page for sshd:

-d

Debug mode. The server sends verbose debug output to standard error, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for debugging for the server. Multiple -d options increase the debugging level. Maximum is 3.

This is a typical use case for debugging, if you run the server like this:

/usr/sbin/sshd -d

Jakuje

Posted 2015-11-19T17:05:03.473

Reputation: 7 981

Wow. I had tried that, but it appeared to keep living, so I moved on. Must have been some other problem, because it's working now. Thanks! – ipmcc – 2015-11-19T17:57:53.497

1

Perhaps you can use PAM for that. In your /etc/pam.d directory find a file related to SSH (in my case, it's called sshd on an Ubuntu Trusty machine). Edit it and add a line like this:

session     optional    pam_exec.so quiet /opt/myscript.sh

That will make the script be called on any login and logout. As you only wish to do an action on logout, the content of the script could be something like this:

#!/bin/sh
# pam_exec exports PAM_TYPE; act only when a session is being closed.
if [ "$PAM_TYPE" = "close_session" ]; then
  /etc/init.d/sshd stop
fi

nKn

Posted 2015-11-19T17:05:03.473

Reputation: 4 960
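
An added example, not part of the answer above: a variant of the pam_exec hook that counts open sessions and stops sshd only when the last one closes, which is the requirement the asker states in the comments. The names STATE_DIR, STOP_CMD and handle_pam_event are hypothetical; the default stop command is the one from the answer.

```shell
#!/bin/sh
# Added example: pam_exec session hook that stops sshd after the LAST logout.
# STATE_DIR and STOP_CMD are assumptions; adjust them for the actual host.
STATE_DIR="${STATE_DIR:-/run/sshd-oneshot}"    # assumed root-only state directory
STOP_CMD="${STOP_CMD:-/etc/init.d/sshd stop}"  # stop command used in the answer

# Apply one PAM event to the open-session counter and print the new count.
# Runs STOP_CMD when a close_session event brings the count to zero.
handle_pam_event() {
  event="$1"
  mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1

  # mkdir is atomic, so it works as a lock against concurrent logins/logouts.
  tries=0
  until mkdir "$STATE_DIR/lock" 2>/dev/null; do
    tries=$((tries + 1))
    [ "$tries" -lt 10 ] || return 1
    sleep 1
  done

  count=$(cat "$STATE_DIR/count" 2>/dev/null || echo 0)
  case "$event" in
    open_session)
      count=$((count + 1)) ;;
    close_session)
      if [ "$count" -gt 0 ]; then count=$((count - 1)); fi ;;
  esac
  echo "$count" > "$STATE_DIR/count"
  rmdir "$STATE_DIR/lock"

  echo "$count"
  if [ "$event" = "close_session" ] && [ "$count" -eq 0 ]; then
    $STOP_CMD >/dev/null 2>&1 || return 1
  fi
  return 0
}

# pam_exec exports PAM_TYPE; without it (e.g. when sourced) nothing happens.
if [ -n "${PAM_TYPE:-}" ]; then
  handle_pam_event "$PAM_TYPE" >/dev/null
fi
```

sshd calls the PAM session stack from its privileged process, so keep the script and STATE_DIR owned by root and not writable by other users.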