Re: checking ssh tunnels: best practices?
Sorry, I replyed to the wrong topic.
MfG
Marcel
On Thu, 2003-05-22 at 06:32, Marcel Gschwandl wrote:
> Hallo,
>
> I use an ATI Mobility M7 and had nearly the same problem. After the
> upgrade to XF4.2.1 I also had to disable the Option "UseFBDev" "true" in
> the device section. After that everything worked fine.
>
> Greetings
> Marcel
>
> On Thu, 2003-05-22 at 06:02, Tony Godshall wrote:
> > Hi, all.
> >
> > I've got a laptop (yes, I'm on this list, duh). I take it
> > to a jobsite with me, I take it home, I take it to the
> > office. Some places I can connect to the mailserver
> > directly, but at other places I have to ssh through a leased
> > line back to the office.
> >
> > I've got ssh set up with tunnels for one smtp port,
> > three POP ports, a VNC session, etc. I set up exim
> > to send its mail through the tunnel smtp, and set up
> > fetchmail to fetch through the tunnel.
> >
> > The problem is that sometimes these programs don't work
> > right and hassle ensues if I start them up without starting
> > up my ssh session first, or if the ssh session has dropped
> > someplace along the way. A lot of the time I'm working
> > locally, so I might not notice that the tunnel went away,
> > and exim will tell me that the message couldn't be
> > delivered, etc.
> >
> > The hack I've done is to make a little script,
> > port_is_connected, so I can have my mutt-starter script
> > abort with a line like this:
> >
> > port_is_connected $MAIL1SMTP localhost || exit 1
> >
> > ...or less tersely...
> >
> > if ! port_is_connected $MAIL1SMTP localhost
> > then
> > echo "check the ssh tunnel, dammit!"
> > exit 1
> > fi
> >
> > Does this approach make sense, overall?
> >
> > It took me a while to figure out how to do port_is_connected, but
> > eventually I located nmap. This does the job pretty well
> > and is pretty fast:
> >
> > nmap -p $MAIL1SMTP localhost | grep -q open
> >
> > I had been using something like this...
> >
> > ps -ef | grep "ssh.*$MAIL1SMTP"
> >
> > ... but I don't like that much for a variety of reasons.
> >
> > So this is what I came up with for port_is_connected:
> >
> > #!/bin/sh
> >
> > port=""
> > host=""
> > err=""
> >
> > while [ -n "$1" ]
> > do
> >
> > case "$1" in
> >
> > -*)
> > err="$err\nunexpected opt"
> > ;;
> >
> > *)
> > if [ -z "$port" ]
> > then
> > case "$1" in
> > [0-9]*)
> > port="$1"
> > ;;
> > *)
> > err="$err\nhuh? [$1]"
> > ;;
> > esac
> > elif [ -z "$host" ]
> > then
> > host="$1"
> > else
> > err="$err\ntoo many args [$1]"
> > fi
> > ;;
> >
> > esac
> >
> > shift
> >
> > done
> >
> > if [ -n "$err" ]; then printf "ERR$err\n"; exit 2; fi
> >
> > if [ -z "$port" ]; then err="$err\nno port specified"; fi
> >
> > if [ -n "$err" ]; then printf "ERR$err\n"; exit 2; fi
> >
> > if [ -z "$host" ]; then
> > host=localhost
> > printf "no host given; assuming host[$host]\n" >&2
> > fi
> >
> > if nmap -p $port $host | grep -q open
> > then
> > printf "port $host:$port is open: exit 0\n" >&2
> > exit 0
> > else
> > printf "port $host:$port is closed: exit 1\n" >&2
> > exit 1
> > fi
> >
> > So, comments please. Is this a good way to do it, or am I
> > missing a better, obvious way? Comments on style are also
> > welcome.
> >
> > Tony
> >
--
Marcel Gschwandl <tautau@gmx.ch>
The day Microsoft invents something that doesn't suck
is the day they start making vacuum cleaners. -- Ernst Jan Plugge
Reply to: