[wplug] how to force ssh session to exit before all commands
complete?
Alexandros Papadopoulos
apapadop at alumni.cmu.edu
Fri Nov 26 05:48:55 EST 2004
Hi all!
In my organization we have some VPN tunnels implemented with OpenVPN.
Since I'm too lazy to implement proper TLS keys, a certificate
authority to automatically refresh certificates etc, I'm just pushing
new keys to my clients whenever I have 10 spare seconds.
It's pretty simple - I execute a script that scp's over the new VPN
pre-shared key and then orders the VPN to restart itself, to start
using the new key.
There's only one slight problem. The ssh session in which I'm
instructing openvpn to restart, is killing the very VPN through which
I'm working. Hence, although the command is executed just fine on the
remote end, on the local end I get a nice hung shell which I have to
CTRL-C out of. The reason: my shell's connection is lost before the
remote command cleanly exits, and hence before ssh frees the remote
shell.
This prevents this whole thing from being scripted and executed through
cron... anyone have any suggestion on how to get over it?
I tried the following:
+ adding "shopt -s huponexit" to the remote shell's .profile
+ calling the remote script with nohup <script> &
+ simply backgrounding the remote script
+ running a script on the remote end that immediately exits, but spawns
a process with the /etc/init.d/openvpn restart & statement.
All of the above didn't make any difference. My shell hangs right after
"Stopping openvpn:" , at which point I hit CTRL-C and the rest of the
script executes.
I'm attaching the script in case it gives some insight, although I'm
pretty sure everything will be fine if I can find a way to exit the ssh
shell as soon after a command is launched, but before that command
completes. The problem occurs in lines 18, 36 and 54 (once for each VPN
endpoint).
Thanks for reading
-A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rotate-keys.sh
Type: application/x-shellscript
Size: 2978 bytes
Desc: not available
Url : http://penguin.wplug.org/pipermail/wplug/attachments/20041126/fbc0a956/rotate-keys.bin
More information about the wplug
mailing list