
A script to set SSH proxy based on network location
The following script will let you use, or not use, an SSH proxy depending on your machine's location. What you need to make it all work:
  • connect.c for proxying (installed in /usr/local/bin or some such; change script as needed).
  • netcat to act as a "null" proxy (available through Fink).
  • The script -- remember to make it executable and store it somewhere on your path.
Here's how things work, in a nutshell. If you have a proxy configured, then the script will find the hostname and port of the proxy for the given protocol (look for the ****Proxy that you want by doing scutil --proxy -- it's a regex, so it must match the case). Then it will find the username and password for that proxy in your keychain and store them in environment variables that connect.c will understand.

If you don't have a proxy configured, the script will see that there's no proxy and just use netcat to simulate connect.c, and you can go about your SSH as normal. To use it, I have this line...

ProxyCommand /Users/me/bin/ -P HTTPS -H %h -p %p

...at the top of ~/.ssh/config -- this means that every SSH connection is automatically proxied when my network "Location" is 'Work,' but not when I'm at 'Home.' Assuming you're using SSH key authentication, you should be able to get to the remote machine without ever entering a single password and still be secure; even with an authenticating proxy between you and the remote machine. Hope this helps somebody.

[robg adds: I haven't tested this one.]
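
The decision step described above, as an added example (not the hint author's script, which is not shown on this page): it parses `scutil --proxy` output for the chosen protocol and picks connect or netcat. The function names and sample output are constructed, and the keychain lookup is left out.

```shell
#!/bin/sh
# Added example: choose the ProxyCommand backend from `scutil --proxy` text.

# Constructed samples of `scutil --proxy` output (placeholder hostname).
SAMPLE_WORK='<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
  }
  HTTPSEnable : 1
  HTTPSPort : 8080
  HTTPSProxy : proxy.example.com
}'
SAMPLE_HOME='<dictionary> {
  HTTPSEnable : 0
}'

# proxy_field PROTO SUFFIX: read scutil output on stdin and print the value
# of the key PROTO+SUFFIX (e.g. HTTPSProxy). The match is case-sensitive.
proxy_field() {
    awk -v key="$1$2" '$1 == key && $2 == ":" { print $3; exit }'
}

# choose_command PROTO HOST PORT SCUTIL_TEXT: print the command to run.
choose_command() {
    proto=$1; host=$2; port=$3; cfg=$4
    # HOST and PORT come from ssh (%h, %p); accept plain tokens only.
    case $host in ''|*[!A-Za-z0-9._:-]*) echo "bad host" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    enabled=$(printf '%s\n' "$cfg" | proxy_field "$proto" Enable)
    phost=$(printf '%s\n' "$cfg" | proxy_field "$proto" Proxy)
    pport=$(printf '%s\n' "$cfg" | proxy_field "$proto" Port)
    if [ "$enabled" = 1 ] && [ -n "$phost" ] && [ -n "$pport" ]; then
        # System configuration values are still untrusted command-line input.
        case $phost in *[!A-Za-z0-9._-]*) echo "bad proxy" >&2; return 2 ;; esac
        case $pport in *[!0-9]*) echo "bad proxy port" >&2; return 2 ;; esac
        echo "connect -H $phost:$pport $host $port"
    else
        echo "nc $host $port"   # no proxy for this location: direct connection
    fi
}

# On a Mac the wrapper would call: choose_command HTTPS "$1" "$2" "$(scutil --proxy)"
# and exec the result as separate arguments rather than eval-ing the string.
```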

Authored by: xSmurf on Apr 20, '07 04:03:27AM
That's a very interesting idea. I usually just go with different SSH hosts from ~/.ssh/config. Your method has the advantage of allowing scripts to use a single connection setting and of automatically detecting proxies. I normally use Corkscrew for tunneling ssh through the proxy. I'm not so sure anymore, but iirc there is an easier method for grabbing the current proxy server. On a side note, netcat is pre-installed by default:
$ whereis nc

I'll give this a shot when I get a bit of time!

Funny bit of Unix history...

The nc utility, a "damn useful little backend utility" begun 95/09/15 or thereabouts, as *Hobbit*'s first real stab at some sockets programming. Something that should have and indeed may have existed ten years ago, but never became a standard Unix utility. IMHO, nc could take its place right next to cat, cp, rm, mv, dd, ls, and all those other cryptic and Unix-like things.
- NC's man page

MacBook Pro 2.16Ghz / 2Gb / 100Gb 7200rpm / CD/DVD±RW
PM G4 DP 800 / 1.25gb / 120Gb+80Gb / CD/DVD±RW/RAM/DL
- The only APP Smurf
