Solved Bash script - Keeping alive Authpf session

I have a small network behind a static IP. That static IP is running with authpf anchors which redirect traffic through the firewall to the proper internal machine for rsync purposes. I have one machine behind the firewall currently for testing and authpf is working fine...

I am writing a script in bash that I can run on remote systems that will open and authenticate an ssh session in the background then run an rsync command that will be ferried through the firewall to the proper machine once the authpf session is set.

Everything works as predicted when I run it through on console...
Code:
root@Adams:/usr/home/test.account/bin # su test.account -c "ssh x.x.x.x"
Last login: Wed Jul  6 21:02:46 2016 from REMOTE
FreeBSD 10.0-RELEASE (GENERIC) #0 r260789: Thu Jan 16 22:34:59 UTC 2014

Hello test.account. You are authenticated from host "x.x.x.x"

But, when I run that same command line from within a bash script and set it to run in the background, the session just dies out... I need this session to stay alive as long as the script is running.

Everything is working perfectly, save the whole known_hosts file change which occurs when the send shell is forwarded through the firewall to the new machine, except this...
Code:
root@Adams:/usr/home/test.account/bin # cat ./test.sh
#!/usr/local/bin/bash
su test.account -c "ssh x.x.x.x" &
echo "rsync line here"
exit 0
 
wait is your friend here.

the example:

test.sh:
Code:
#!/bin/sh

( echo "this is command one" ; sleep 3; ) &
( echo "this is command two" ; sleep 2; ) &
wait
 
It didn't work... I think the problem has something to do with the fact that it's not a proper terminal...

Code:
#!/usr/local/bin/bash

(su test.account -c "ssh -vvv x.x.x.x" &)

Code:
root@Adams:/usr/home/test.account/bin # ./test.sh
click shitOpenSSH_6.6.1p1, OpenSSL 1.0.1j-freebsd 15 Oct 2014
debug1: Reading configuration data /etc/ssh/ssh_config
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug2: ssh_connect: needpriv 0
debug1: Connecting to x.x.x.x [x.x.x.x] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/test.account/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/test.account/.ssh/id_rsa type 1
debug1: identity file /home/test.account/.ssh/id_rsa-cert type -1
debug1: identity file /home/test.account/.ssh/id_dsa type -1
debug1: identity file /home/test.account/.ssh/id_dsa-cert type -1
debug1: identity file /home/test.account/.ssh/id_ecdsa type -1
debug1: identity file /home/test.account/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/test.account/.ssh/id_ed25519 type -1
debug1: identity file /home/test.account/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4_hpn13v11 FreeBSD-20131111
debug1: match: OpenSSH_6.4_hpn13v11 FreeBSD-20131111 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: ssh_load_hostkeys: loading entries for host "x.x.x.x" from file "/home/test.account/.ssh/known_hosts"
debug3: ssh_load_hostkeys: found key type ECDSA in file /home/test.account/.ssh/known_hosts:1
debug2: key_type_from_name: unknown key type '-o'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type '-o'
debug3: key_read: missing keytype
debug3: ssh_load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug2: mac_setup: setup hmac-md5-etm@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 46:49:d0:a2:c5:c0:3d:de:0f:47:10:40:xX:87:f1:81
debug3: verify_host_key_dns
debug1: skipped DNS lookup for numerical hostname
debug3: ssh_load_hostkeys: loading entries for host "x.x.x.x" from file "/home/test.account/.ssh/known_hosts"
debug3: ssh_load_hostkeys: found key type ECDSA in file /home/test.account/.ssh/known_hosts:1
debug2: key_type_from_name: unknown key type '-o'
debug3: key_read: missing keytype
debug2: key_type_from_name: unknown key type '-o'
debug3: key_read: missing keytype
debug3: ssh_load_hostkeys: loaded 1 keys
debug1: Host 'x.x.x.x' is known and matches the ECDSA host key.
debug1: Found key in /home/test.account/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/test.account/.ssh/id_rsa (0x8038160c0),
debug2: key: /home/test.account/.ssh/id_dsa (0x0),
debug2: key: /home/test.account/.ssh/id_ecdsa (0x0),
debug2: key: /home/test.account/.ssh/id_ed25519 (0x0),
debug1: Authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/test.account/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 72:bb:2c:b7:7c:0c:35:a4:59:5e:34:b3:f1:6f:b5:fb
debug3: sign_and_send_pubkey: RSA 72:bb:2c:b7:7c:0c:35:a4:59:5e:34:b3:f1:6f:b5:fb
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to x.x.x.x ([x.x.x.x]:22).
debug2: fd 4 setting O_NONBLOCK
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
debug1: channel 0: new [client-session]
debug1: Enabled Dynamic Window Scaling

debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x08
debug2: client_session2_setup: id 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: tcpwinsz: 66608 for connection: 3
debug2: tcpwinsz: 66608 for connection: 3
debug2: channel 0: rcvd adjust 65536
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
debug2: tcpwinsz: 66608 for connection: 3
debug2: channel 0: read<=0 rfd 4 len 0
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: tcpwinsz: 66608 for connection: 3
debug2: tcpwinsz: 66608 for connection: 3
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: tcpwinsz: 66608 for connection: 3
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 3352, received 2460 bytes, in 0.0 seconds
Bytes per second: sent 72002.6, received 52842.0
debug1: Exit status 1
 
wait is there for a process to wait for its sub-processes to finish and prevent killing them prematurely.
With -t in ssh you can force ssh to allocate the terminal.

Btw. is there a strict need for bash? With what you do sh is good (and portable).
Also if you wanted to hash-out your public IP you did paste it in the command and debug output.
 
I used bash because this script will eventually be run from cygwin and I like the fact that I can use arrays if needed...
Thanks for the IP call... I edited it... Let me try those options out... I spawned an sshd on port 2222 so I can see both sides of the traffic...
 
Code:
#!/usr/local/bin/bash

/bin/sh -c "su test.account -c 'ssh -t x.x.x.x -p 2222'" &
wait

read -p "click" ans
exit 0

Code:
root@Adams:/usr/home/test.account/bin # ./test.sh
Pseudo-terminal will not be allocated because stdin is not a terminal. <-- Is this the problem?
Environment:
  USER=test.account
  LOGNAME=test.account
  HOME=/home/test.account
  MAIL=/var/mail/test.account
  PATH=/usr/bin:/bin
  TERM=su
  SHELL=/bin/sh
  SSH_CLIENT=x.x.x.x 52778 2222
  SSH_CONNECTION=x.x.x.x 52778 x.x.x.x 2222
click

Server Side:

Code:
root@kif:/usr/home/test.account/.ssh # /usr/sbin/sshd -d -p 2222
debug1: HPN Buffer Size: 65536
debug1: sshd version OpenSSH_6.4p1_hpn13v11 FreeBSD-20131111, OpenSSL 1.0.1e-freebsd 11 Feb 2013
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='2222'
debug1: Bind to port 2222 on ::.
debug1: Server TCP RWIN socket size: 65536
debug1: HPN Buffer Size: 65536
Server listening on :: port 2222.
debug1: Bind to port 2222 on 0.0.0.0.
debug1: Server TCP RWIN socket size: 65536
debug1: HPN Buffer Size: 65536
Server listening on 0.0.0.0 port 2222.
debug1: fd 5 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
debug1: res_init()
Connection from 70.166.151.80 port 52778
debug1: HPN Disabled: 0, HPN Buffer Size: 65536
debug1: Client protocol version 2.0; client software version OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
debug1: match: OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
debug1: permanently_set_uid: 22/22 [preauth]
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none [preauth]
debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
debug1: SSH2_MSG_NEWKEYS sent [preauth]
debug1: expecting SSH2_MSG_NEWKEYS [preauth]
debug1: SSH2_MSG_NEWKEYS received [preauth]
debug1: KEX done [preauth]
debug1: userauth-request for user test.account service ssh-connection method none [preauth]
debug1: attempt 0 failures 0 [preauth]
debug1: PAM: initializing for "test.account"
debug1: PAM: setting PAM_RHOST to "libertyroof"
debug1: userauth-request for user test.account service ssh-connection method publickey [preauth]
debug1: attempt 1 failures 0 [preauth]
debug1: test whether pkalg/pkblob are acceptable [preauth]
debug1: trying public key file /home/test.account/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/test.account/.ssh/authorized_keys, line 1 RSA 72:bb:2c:b7:7c:0c:35:a4:59:5e:34:b3:f1:6f:b5:fb
Postponed publickey for test.account from x.x.x.x port 52778 ssh2 [preauth]
debug1: userauth-request for user test.account service ssh-connection method publickey [preauth]
debug1: attempt 2 failures 0 [preauth]
debug1: trying public key file /home/test.account/.ssh/authorized_keys
debug1: fd 4 clearing O_NONBLOCK
debug1: matching key found: file /home/test.account/.ssh/authorized_keys, line 1 RSA 72:bb:2c:b7:7c:0c:35:a4:59:5e:34:b3:f1:6f:b5:fb
debug1: ssh_rsa_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for test.account from x.x.x.x port 52778 ssh2: RSA 72:bb:2c:b7:7c:0c:35:a4:59:5e:34:b3:f1:6f:b5:fb
debug1: monitor_child_preauth: test.account has been authenticated by privileged process
debug1: monitor_read_log: child log fd closed
debug1: PAM: establishing credentials
User child is on pid 3807
debug1: PAM: establishing credentials
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 3808
debug1: session_exit_message: session 0 channel 0 pid 3808
debug1: session_exit_message: release channel 0
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
debug1: session_close: session 0 pid 0
debug1: channel 0: free: server-session, nchannels 1
Received disconnect from x.x.x.x: 11: disconnected by user <--- ARGH ! ! ! !
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
root@kif:/usr/home/test.account/.ssh #

Still.... Ughhhh....
 
UPDATE: after poring over the ssh() man page, I found this...

Multiple -t options force tty allocation, even if ssh has no local tty.


So, as it turns out a simple
Code:
su test.account -c "ssh -tt x.x.x.x -p 2222 &"
Worked out perfectly to keep the authpf shell open in the background and only requires a quick line to kill the process before exiting...
Code:
kill -HUP $(ps -aux | grep "ssh -tt" | grep -v grep | cut -w -f 2)
Thanks matoatlantis for your efforts...
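
An added example, not part of the original posts: the same backgrounded `ssh -tt` session, but tracked by the PID from `$!` and closed from a trap instead of grepping `ps`, so only the session this script started gets the HUP. `SSH_CMD`, `AUTHPF_SETTLE` and the function names are assumptions of this example, and it assumes the script runs as the account that owns the key.

```shell
#!/bin/sh
# Added example: keep one authpf session up for the length of a job.
# SSH_CMD, AUTHPF_SETTLE and the function names are assumptions of this example.
SSH_CMD=${SSH_CMD:-"ssh -tt -p 2222 x.x.x.x"}  # -tt: force a tty, as in the thread
AUTHPF_SETTLE=${AUTHPF_SETTLE:-2}              # seconds to allow for login
AUTHPF_PID=""

# True while the ssh process this script started is still running.
authpf_alive() {
    [ -n "$AUTHPF_PID" ] && kill -0 "$AUTHPF_PID" 2>/dev/null
}

# Start the session in the background and record its PID from $!.
authpf_open() {
    # stdin from /dev/null is what a backgrounded job in a script gets anyway
    $SSH_CMD </dev/null >/dev/null 2>&1 &
    AUTHPF_PID=$!
    sleep "$AUTHPF_SETTLE"
    authpf_alive        # fails if ssh has already exited (bad key, no tty, ...)
}

# Hang up only the session recorded in AUTHPF_PID, then reap it.
authpf_close() {
    [ -n "$AUTHPF_PID" ] || return 0
    kill -HUP "$AUTHPF_PID" 2>/dev/null || true
    wait "$AUTHPF_PID" 2>/dev/null || true
    AUTHPF_PID=""
}

# Run a command with the session held open; always close it afterwards.
run_with_authpf() {
    if ! authpf_open; then
        echo "authpf session did not stay up" >&2
        authpf_close
        return 1
    fi
    trap 'authpf_close' EXIT
    trap 'authpf_close; exit 1' INT TERM HUP
    rc=0
    "$@" || rc=$?
    authpf_close
    trap - EXIT INT TERM HUP
    return "$rc"
}

# Usage (placeholder paths): run_with_authpf rsync -a /src/ x.x.x.x:/dst/
```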
 