2

I have several hosts in my ~/.ssh/config file, some of which are on my work network. Before accessing those, I need to authenticate myself on that network by running kinit, but I often forget to do that.

Is there a command to run kinit in a 'before hook' on those SSH hosts?

PJSCopeland
  • 2,818
  • 1
  • 26
  • 40

3 Answers3

1

I'm not sure there's exactly such a thing as a 'before hook', but I can see two hacks that could achieve the a similar effect.

Bash Functions (in some init file like .bashrc, .profile, etc)

ssh () 
{ 
    echo "do this before ssh'ing"
    command ssh "$@"
}

The other possibility that I can think on would be the ProxyCommand option. In your ~/.ssh/config:

Host *
  ProxyCommand sh -c 'kinit >&2 && nc %h %p'

Couple of salient points:

  • If you're going to do this, I'd recommend replacing the raw kinit, with a script (ensure_kinit.sh perhaps) which checks if running kinit is necessary, and if so running it.
  • If you choose the second option, ensure that you redirect stdout to stderr; stdin and stdout should be kept for SSH Protocol network messages.
  • The latter method will work for other commands such as git, and scp, which use ssh to communicate, while the former will only work for ssh.
Rory Browne
  • 627
  • 1
  • 5
  • 11
0

You could use the bash.rc file. It's run everytime you log in. https://wiki.ubuntuusers.de/bash/bashrc

Mechtecs
  • 3
  • 1
  • Hmm... but I only want to run it when I'm trying to connect to these hosts, not every time I open a new terminal. Also, I only need to run it every so often, since I remain authenticated on the network for (I think) six hours - but I could set up a script that's like "only run `kinit` if it hasn't been run in the last six hours". – PJSCopeland Sep 14 '15 at 21:29
  • ssh -t 'command; bash -l' Source: http://stackoverflow.com/questions/18522647/run-ssh-and-immediately-execute-command – Mechtecs Sep 14 '15 at 21:30
  • Doesn't that run `command` on the *remote* host, *after* it has successfully connected (but before logging in)? My script needs to run *locally*, *before* attempting to connect. – PJSCopeland Sep 14 '15 at 21:33
  • Then write a script that first runs kinit and then connects to all ssh servers at once. – Mechtecs Sep 14 '15 at 21:36
  • Why the hell would I want to connect to all the servers at once? I want something that will enable me to *forget* about `kinit` because it will remember for me. I want to use `ssh` just the same as I would for any other host. – PJSCopeland Sep 14 '15 at 21:37
0

What I have ended up doing is setting up some wrappers around typical workflow.

First, I make sure ./bin is in my PATH.

Then I have a script called ./bin/app-ssh that runs kinit before the ssh call I need.

I also have app-* in my ~/.gitignore_global so that it doesn't get caught up in a shared repo, but a case could be made that these scripts are useful to everybody.

I have set up similar scripts in other apps' bin directories as well. All I need to do then is run app-ssh in whichever app I'm working on, and I don't need to remember any of the setup stuff for each one.

PJSCopeland
  • 2,818
  • 1
  • 26
  • 40