ssh_config: specify command to be executed on the remote machine upon login
Clash Royale CLAN TAG#URR8PPP
This is an expansion of my earlier question. I need to run a locally-stored command (i.e. mount /home
) on a remote machine upon ssh login. At the moment, I am using:
ssh -t mymachine.example.com 'mount /home ; /bin/bash'
which works fine, but I was wondering whether I could put this command into my .ssh/config
so that I don't have to type it every time. I found a LocalCommand
option, but I don't see any RemoteCommand
option.
It is importand that the command-to-be-executed
be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile
on the remote machine.
ssh
add a comment |
This is an expansion of my earlier question. I need to run a locally-stored command (i.e. mount /home
) on a remote machine upon ssh login. At the moment, I am using:
ssh -t mymachine.example.com 'mount /home ; /bin/bash'
which works fine, but I was wondering whether I could put this command into my .ssh/config
so that I don't have to type it every time. I found a LocalCommand
option, but I don't see any RemoteCommand
option.
It is importand that the command-to-be-executed
be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile
on the remote machine.
ssh
add a comment |
This is an expansion of my earlier question. I need to run a locally-stored command (i.e. mount /home
) on a remote machine upon ssh login. At the moment, I am using:
ssh -t mymachine.example.com 'mount /home ; /bin/bash'
which works fine, but I was wondering whether I could put this command into my .ssh/config
so that I don't have to type it every time. I found a LocalCommand
option, but I don't see any RemoteCommand
option.
It is importand that the command-to-be-executed
be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile
on the remote machine.
ssh
This is an expansion of my earlier question. I need to run a locally-stored command (i.e. mount /home
) on a remote machine upon ssh login. At the moment, I am using:
ssh -t mymachine.example.com 'mount /home ; /bin/bash'
which works fine, but I was wondering whether I could put this command into my .ssh/config
so that I don't have to type it every time. I found a LocalCommand
option, but I don't see any RemoteCommand
option.
It is importand that the command-to-be-executed
be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile
on the remote machine.
ssh
ssh
edited Apr 13 '17 at 12:36
Community♦
1
1
asked Sep 21 '13 at 7:40
Martin VegterMartin Vegter
27437126240
27437126240
add a comment |
add a comment |
5 Answers
5
active
oldest
votes
This question has been asked before on SuperUser. The first answer uses a remote file that doesn't fit your requirements, but the second answer that suggests to use a local alias could be the solution to your problem.
It is importand that the command-to-be-executed be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile on the remote machine.
This is probably not safe. If I use an echo
command as a ssh command, it shows up in ps
on the remote server:
martin@martin ~ % ssh dev2 "echo hello; ps aux|grep echo"
hello
root 25358 0.0 0.0 5848 1296 ? Ss 11:27 0:00 bash -c echo hello; ps aux|grep echo
root 25362 0.0 0.0 5012 828 ? S 11:27 0:00 grep echo
thanks, but in the solution on SuperUser~/.ssh/rc
is stored again on the remote machine. Regarding your comment aboutps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access tops
.
– Martin Vegter
Sep 21 '13 at 18:23
6
Thatps
output is from the remote machine. The point is: everything you supply tossh
as a remote command will show up on the remote server inps
.
– Martin von Wittich
Sep 21 '13 at 18:37
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
add a comment |
This was added in OpenSSH 7.6:
add RemoteCommand option to specify a command in the ssh config file
instead of giving it on the client's command line. This allows the
configuration file to specify the command that will be executed on the
remote host.
ref: https://www.openssh.com/txt/release-7.6
add a comment |
You can do this with the cooperation of the remote machine as follows.
On your local machine, stuff the command to run in the environment variable LC_SSH_INITIAL_COMMAND
. SSH is usually configured to pass all environment variables of the form LC_*
, because those are normally locale settings.
On the remote machine, run eval "$LC_SSH_INITIAL_COMMAND"
via the per-key settings in ~/.ssh/authorized_keys
or from ~/.ssh/rc
(beware that if you have a ~/.ssh/rc
file, you need to take care of running xauth
manually for X11 forwarding).
With the authorized_keys
method, you can similarly run a command when the SSH session exits (unless the shell process is killed abruptly; you should at least trap the HUP signal so that your command is executed even if the connection dies).
However this is not a good arrangement for doing something global like mounting a filesystem. You'll need to take care not to mount again if the filesystem is already mounted (for example due to a concurrently-running SSH command), and not to unmount on logout. My recommendation for this use case is still to do the mounting explicitly, then run remote commands without doing anything special, and unmount when you no longer want to access that filesystem.
add a comment |
RequestTTY yes
RemoteCommand screen -UDr
add a comment |
I have not tried it but an approach could be
- Declare a
Subsystem
on the remotesshd_config
that executes the command you want by reading some env vars - Use
SendEnv
on the local.ssh/config
to pass such keys to the remote server
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f91747%2fssh-config-specify-command-to-be-executed-on-the-remote-machine-upon-login%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
This question has been asked before on SuperUser. The first answer uses a remote file that doesn't fit your requirements, but the second answer that suggests to use a local alias could be the solution to your problem.
It is importand that the command-to-be-executed be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile on the remote machine.
This is probably not safe. If I use an echo
command as a ssh command, it shows up in ps
on the remote server:
martin@martin ~ % ssh dev2 "echo hello; ps aux|grep echo"
hello
root 25358 0.0 0.0 5848 1296 ? Ss 11:27 0:00 bash -c echo hello; ps aux|grep echo
root 25362 0.0 0.0 5012 828 ? S 11:27 0:00 grep echo
thanks, but in the solution on SuperUser~/.ssh/rc
is stored again on the remote machine. Regarding your comment aboutps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access tops
.
– Martin Vegter
Sep 21 '13 at 18:23
6
Thatps
output is from the remote machine. The point is: everything you supply tossh
as a remote command will show up on the remote server inps
.
– Martin von Wittich
Sep 21 '13 at 18:37
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
add a comment |
This question has been asked before on SuperUser. The first answer uses a remote file that doesn't fit your requirements, but the second answer that suggests to use a local alias could be the solution to your problem.
It is importand that the command-to-be-executed be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile on the remote machine.
This is probably not safe. If I use an echo
command as a ssh command, it shows up in ps
on the remote server:
martin@martin ~ % ssh dev2 "echo hello; ps aux|grep echo"
hello
root 25358 0.0 0.0 5848 1296 ? Ss 11:27 0:00 bash -c echo hello; ps aux|grep echo
root 25362 0.0 0.0 5012 828 ? S 11:27 0:00 grep echo
thanks, but in the solution on SuperUser~/.ssh/rc
is stored again on the remote machine. Regarding your comment aboutps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access tops
.
– Martin Vegter
Sep 21 '13 at 18:23
6
Thatps
output is from the remote machine. The point is: everything you supply tossh
as a remote command will show up on the remote server inps
.
– Martin von Wittich
Sep 21 '13 at 18:37
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
add a comment |
This question has been asked before on SuperUser. The first answer uses a remote file that doesn't fit your requirements, but the second answer that suggests to use a local alias could be the solution to your problem.
It is importand that the command-to-be-executed be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile on the remote machine.
This is probably not safe. If I use an echo
command as a ssh command, it shows up in ps
on the remote server:
martin@martin ~ % ssh dev2 "echo hello; ps aux|grep echo"
hello
root 25358 0.0 0.0 5848 1296 ? Ss 11:27 0:00 bash -c echo hello; ps aux|grep echo
root 25362 0.0 0.0 5012 828 ? S 11:27 0:00 grep echo
This question has been asked before on SuperUser. The first answer uses a remote file that doesn't fit your requirements, but the second answer that suggests to use a local alias could be the solution to your problem.
It is importand that the command-to-be-executed be stored on the local machine, as it will contain password to open an encrypted disk. That is the reason why I cannot put the command into .profile on the remote machine.
This is probably not safe. If I use an echo
command as a ssh command, it shows up in ps
on the remote server:
martin@martin ~ % ssh dev2 "echo hello; ps aux|grep echo"
hello
root 25358 0.0 0.0 5848 1296 ? Ss 11:27 0:00 bash -c echo hello; ps aux|grep echo
root 25362 0.0 0.0 5012 828 ? S 11:27 0:00 grep echo
edited Mar 20 '17 at 10:18
Community♦
1
1
answered Sep 21 '13 at 9:29
Martin von WittichMartin von Wittich
10.1k33257
10.1k33257
thanks, but in the solution on SuperUser~/.ssh/rc
is stored again on the remote machine. Regarding your comment aboutps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access tops
.
– Martin Vegter
Sep 21 '13 at 18:23
6
Thatps
output is from the remote machine. The point is: everything you supply tossh
as a remote command will show up on the remote server inps
.
– Martin von Wittich
Sep 21 '13 at 18:37
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
add a comment |
thanks, but in the solution on SuperUser~/.ssh/rc
is stored again on the remote machine. Regarding your comment aboutps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access tops
.
– Martin Vegter
Sep 21 '13 at 18:23
6
Thatps
output is from the remote machine. The point is: everything you supply tossh
as a remote command will show up on the remote server inps
.
– Martin von Wittich
Sep 21 '13 at 18:37
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
thanks, but in the solution on SuperUser
~/.ssh/rc
is stored again on the remote machine. Regarding your comment about ps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access to ps
.– Martin Vegter
Sep 21 '13 at 18:23
thanks, but in the solution on SuperUser
~/.ssh/rc
is stored again on the remote machine. Regarding your comment about ps
showing my command line parameters (including the password), that does not bother me. It is the remote machine that I don't trust. My local machine is only used by myself, so nobody else has access to ps
.– Martin Vegter
Sep 21 '13 at 18:23
6
6
That
ps
output is from the remote machine. The point is: everything you supply to ssh
as a remote command will show up on the remote server in ps
.– Martin von Wittich
Sep 21 '13 at 18:37
That
ps
output is from the remote machine. The point is: everything you supply to ssh
as a remote command will show up on the remote server in ps
.– Martin von Wittich
Sep 21 '13 at 18:37
1
1
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
Yes, you are right. Thanks for pointing this out.
– Martin Vegter
Sep 21 '13 at 19:04
1
1
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
@MartinvonWittich - Each SE site is independent so it's completely acceptable for each site to have similar Q's and A's so long as they're on topic for that particular site. It's encouraged to copy content if a Q comes up and the A is on another SE site. Customize it as appropriate so it's on topic.
– slm♦
Sep 21 '13 at 22:54
add a comment |
This was added in OpenSSH 7.6:
add RemoteCommand option to specify a command in the ssh config file
instead of giving it on the client's command line. This allows the
configuration file to specify the command that will be executed on the
remote host.
ref: https://www.openssh.com/txt/release-7.6
add a comment |
This was added in OpenSSH 7.6:
add RemoteCommand option to specify a command in the ssh config file
instead of giving it on the client's command line. This allows the
configuration file to specify the command that will be executed on the
remote host.
ref: https://www.openssh.com/txt/release-7.6
add a comment |
This was added in OpenSSH 7.6:
add RemoteCommand option to specify a command in the ssh config file
instead of giving it on the client's command line. This allows the
configuration file to specify the command that will be executed on the
remote host.
ref: https://www.openssh.com/txt/release-7.6
This was added in OpenSSH 7.6:
add RemoteCommand option to specify a command in the ssh config file
instead of giving it on the client's command line. This allows the
configuration file to specify the command that will be executed on the
remote host.
ref: https://www.openssh.com/txt/release-7.6
answered Oct 9 '17 at 17:12
Camden NarztCamden Narzt
16113
16113
add a comment |
add a comment |
You can do this with the cooperation of the remote machine as follows.
On your local machine, stuff the command to run in the environment variable LC_SSH_INITIAL_COMMAND
. SSH is usually configured to pass all environment variables of the form LC_*
, because those are normally locale settings.
On the remote machine, run eval "$LC_SSH_INITIAL_COMMAND"
via the per-key settings in ~/.ssh/authorized_keys
or from ~/.ssh/rc
(beware that if you have a ~/.ssh/rc
file, you need to take care of running xauth
manually for X11 forwarding).
With the authorized_keys
method, you can similarly run a command when the SSH session exits (unless the shell process is killed abruptly; you should at least trap the HUP signal so that your command is executed even if the connection dies).
However this is not a good arrangement for doing something global like mounting a filesystem. You'll need to take care not to mount again if the filesystem is already mounted (for example due to a concurrently-running SSH command), and not to unmount on logout. My recommendation for this use case is still to do the mounting explicitly, then run remote commands without doing anything special, and unmount when you no longer want to access that filesystem.
add a comment |
You can do this with the cooperation of the remote machine as follows.
On your local machine, stuff the command to run in the environment variable LC_SSH_INITIAL_COMMAND
. SSH is usually configured to pass all environment variables of the form LC_*
, because those are normally locale settings.
On the remote machine, run eval "$LC_SSH_INITIAL_COMMAND"
via the per-key settings in ~/.ssh/authorized_keys
or from ~/.ssh/rc
(beware that if you have a ~/.ssh/rc
file, you need to take care of running xauth
manually for X11 forwarding).
With the authorized_keys
method, you can similarly run a command when the SSH session exits (unless the shell process is killed abruptly; you should at least trap the HUP signal so that your command is executed even if the connection dies).
However this is not a good arrangement for doing something global like mounting a filesystem. You'll need to take care not to mount again if the filesystem is already mounted (for example due to a concurrently-running SSH command), and not to unmount on logout. My recommendation for this use case is still to do the mounting explicitly, then run remote commands without doing anything special, and unmount when you no longer want to access that filesystem.
add a comment |
You can do this with the cooperation of the remote machine as follows.
On your local machine, stuff the command to run in the environment variable LC_SSH_INITIAL_COMMAND
. SSH is usually configured to pass all environment variables of the form LC_*
, because those are normally locale settings.
On the remote machine, run eval "$LC_SSH_INITIAL_COMMAND"
via the per-key settings in ~/.ssh/authorized_keys
or from ~/.ssh/rc
(beware that if you have a ~/.ssh/rc
file, you need to take care of running xauth
manually for X11 forwarding).
With the authorized_keys
method, you can similarly run a command when the SSH session exits (unless the shell process is killed abruptly; you should at least trap the HUP signal so that your command is executed even if the connection dies).
However this is not a good arrangement for doing something global like mounting a filesystem. You'll need to take care not to mount again if the filesystem is already mounted (for example due to a concurrently-running SSH command), and not to unmount on logout. My recommendation for this use case is still to do the mounting explicitly, then run remote commands without doing anything special, and unmount when you no longer want to access that filesystem.
You can do this with the cooperation of the remote machine as follows.
On your local machine, stuff the command to run in the environment variable LC_SSH_INITIAL_COMMAND
. SSH is usually configured to pass all environment variables of the form LC_*
, because those are normally locale settings.
On the remote machine, run eval "$LC_SSH_INITIAL_COMMAND"
via the per-key settings in ~/.ssh/authorized_keys
or from ~/.ssh/rc
(beware that if you have a ~/.ssh/rc
file, you need to take care of running xauth
manually for X11 forwarding).
With the authorized_keys
method, you can similarly run a command when the SSH session exits (unless the shell process is killed abruptly; you should at least trap the HUP signal so that your command is executed even if the connection dies).
However this is not a good arrangement for doing something global like mounting a filesystem. You'll need to take care not to mount again if the filesystem is already mounted (for example due to a concurrently-running SSH command), and not to unmount on logout. My recommendation for this use case is still to do the mounting explicitly, then run remote commands without doing anything special, and unmount when you no longer want to access that filesystem.
edited Apr 13 '17 at 12:36
Community♦
1
1
answered Sep 22 '13 at 1:56
GillesGilles
540k12810931606
540k12810931606
add a comment |
add a comment |
RequestTTY yes
RemoteCommand screen -UDr
add a comment |
RequestTTY yes
RemoteCommand screen -UDr
add a comment |
RequestTTY yes
RemoteCommand screen -UDr
RequestTTY yes
RemoteCommand screen -UDr
edited Feb 7 at 20:45
kenorb
8,816372109
8,816372109
answered Feb 5 '18 at 12:11
JRGJRG
111
111
add a comment |
add a comment |
I have not tried it but an approach could be
- Declare a
Subsystem
on the remotesshd_config
that executes the command you want by reading some env vars - Use
SendEnv
on the local.ssh/config
to pass such keys to the remote server
add a comment |
I have not tried it but an approach could be
- Declare a
Subsystem
on the remotesshd_config
that executes the command you want by reading some env vars - Use
SendEnv
on the local.ssh/config
to pass such keys to the remote server
add a comment |
I have not tried it but an approach could be
- Declare a
Subsystem
on the remotesshd_config
that executes the command you want by reading some env vars - Use
SendEnv
on the local.ssh/config
to pass such keys to the remote server
I have not tried it but an approach could be
- Declare a
Subsystem
on the remotesshd_config
that executes the command you want by reading some env vars - Use
SendEnv
on the local.ssh/config
to pass such keys to the remote server
answered Feb 19 '18 at 5:27
untoreuntore
535
535
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f91747%2fssh-config-specify-command-to-be-executed-on-the-remote-machine-upon-login%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown