On 13/apr/07, at 13:51, Jay A. Kreibich wrote:

> On Fri, Apr 13, 2007 at 12:13:44PM +0200, Nicola Vitacolonna scratched on the wall:
>
>> Hi,
>>
>> I use to read email through an ssh tunnel and I want to turn the task into an on-demand launchd user agent. So far, I have come out with the following, "nearly working", solution:
>>
>> I have a couple of problems, though:
>>
>> 1) The first email sent during a session correctly triggers the ssh tunnel on, but the mail client (I have tried with Apple Mail and Thunderbird) hangs on "Connecting to localhost...". If I stop sending the email and try again (now the tunnel is already active) the mail is sent. Subsequent messages are also sent without any problem.
>
> This isn't as simple as it sounds. The problem is that "servers" (defined, for the purpose of this conversation, as anything that allows incoming network connections; in this case the local end of the ssh tunnel) that want to run "on demand" must be written in a special way. This is true of launchd, it is also true of launchd's predecessors, such as inetd and xinetd.
>
> In short, the problem is that launchd has control over the incoming network connection. When it detects an incoming connection (e.g. your mail program) it launches the defined on-demand program (your ssh tunnel). But after that is done, it needs some way to plumb together the network connection and the newly launched program. This requires an alternate input/output method in the on-demand server application. While sshd (the normal server daemon) supports this mode (-i), the ssh client does not. So your first connection triggers the startup of the tunnel, but it doesn't actually work, since the plumbing can't be connected correctly. The tunnel has started up, however, so subsequent connections work as expected.
>
> Google for "ssh tunnel inetd" to get some ideas on how people have worked around this.

Ok, I have found that, with xinetd, you can do something like:

    service smtp
    {
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = root
        disable     = no
        server      = /usr/bin/ssh
        server_args = -q -T -i /Users/myself/.ssh/my-key myself@my.mail.server.com
        groups      = yes
        bind        = 127.0.0.1
    }

redirecting the connection to the smtp port by issuing a remote command like

    nc localhost smtp

(or socket localhost smtp). I have set up my public key so that my ssh connection is forwarded to my mail server, but in no way can I simulate the above with launchd. Is that possible at all? The nearest I can imagine is along these lines:

    [...]
      <key>OnDemand</key>
      <true/>
      <key>ProgramArguments</key>
      <array>
        <string>/usr/bin/ssh</string>
        <string>-i</string>
        <string>/Users/myself/.ssh/my-key</string>
        <string>-q</string>
        <string>-T</string>
        <string>myself@my.mail.server.com</string>
      </array>
      <key>RunAtLoad</key>
      <false/>
      <key>Sockets</key>
      <dict>
        <key>Listeners</key>
        <dict>
          <key>SockServiceName</key>
          <string>smtp</string>
          <key>SockType</key>
          <string>stream</string>
        </dict>
      </dict>
      <key>inetdCompatibility</key>
      <dict>
        <key>Wait</key>
        <true/>
      </dict>
    </dict>
    </plist>

with the disadvantage that it must be run as root, because it is listening on port 25. But that does not work for me.

Nicola

_______________________________________________
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
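The missing piece Jay describes is an inetd-style front end that owns the connection launchd hands over and relays it to ssh. The following wrapper is an added example and not code from the thread: it assumes the plist above with inetdCompatibility/Wait set to false (so launchd passes the already-accepted connection as fd 0/1 rather than the listening socket), and SSH_CMD, relay(), the key path and host name are placeholders chosen to mirror the xinetd recipe.

```python
"""inetd-style wrapper for a launchd Sockets agent with Wait = false: launchd
accepts the TCP connection itself and hands the accepted socket to the program
as fd 0/1; this relays it to ssh, the plumbing a plain ssh client cannot do."""
import os
import selectors
import socket
import subprocess
import sys

# Assumed command, mirroring the xinetd recipe: ssh runs nc on the remote
# host to reach its SMTP port. Key path and host name are placeholders.
SSH_CMD = ["/usr/bin/ssh", "-q", "-T", "-i", os.path.expanduser("~/.ssh/my-key"),
           "myself@my.mail.server.com", "nc", "localhost", "smtp"]


def relay(conn, cmd):
    """Copy data between an accepted socket and a child's stdin/stdout,
    propagating half-closes both ways. Returns the child's exit status."""
    child = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    sel = selectors.DefaultSelector()
    sel.register(conn, selectors.EVENT_READ, "sock")
    sel.register(child.stdout, selectors.EVENT_READ, "child")
    open_sides = 2
    while open_sides:
        for key, _ in sel.select():
            if key.data == "sock":
                data = conn.recv(65536)
                if data:
                    child.stdin.write(data)
                    child.stdin.flush()
                else:  # client EOF: pass it on as EOF on the child's stdin
                    sel.unregister(conn)
                    child.stdin.close()
                    open_sides -= 1
            else:
                data = os.read(child.stdout.fileno(), 65536)
                if data:
                    conn.sendall(data)
                else:  # child finished: propagate EOF toward the client
                    sel.unregister(child.stdout)
                    conn.shutdown(socket.SHUT_WR)
                    open_sides -= 1
    sel.close()
    return child.wait()


if __name__ == "__main__":
    # Under launchd the accepted connection arrives as fd 0 (and fd 1).
    sys.exit(relay(socket.socket(fileno=os.dup(0)), SSH_CMD))
```

Because the connection is accepted by launchd, the agent can bind the privileged smtp port through the Sockets key without the wrapper itself running as root.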