5 ### This script performs the passive side of a dynamic association. It is
6 ### intended to be set as the `tripe' user's shell, and invoked via ssh(1).
7 ### Specifically, for each dynamic peer, add a line to `.ssh/authorized_keys'
10 ### command="PEER" ssh-rsa ...
12 ### There's an additional wrinkle. Suppose that the passive TrIPE endpoint
13 ### is behind a NAT, and the SSH gateway is on a different machine. The
14 ### gateway should have its own `tripe' user, and this script should again be
15 ### its shell. On the gateway, add a `.ssh/authorized_keys' entry
17 ### command="tripe@SERVER:PEER" ssh-rsa ...
19 ### for the dynamic endpoint. On the passive endpoint itself, you need an
20 ### entry for the gateway's `tripe' user's key, with no command.
22 : ${prefix=@prefix@} ${exec_prefix=@exec_prefix@}
24 : ${TRIPEDIR=@configdir@} ${TRIPESOCK=@socketdir@/tripesock}
25 : ${tripectl=$bindir/tripectl}
26 export TRIPEDIR TRIPESOCK
31 ## Proxy through to another server.
32 server=${2%:*} user=${2##*:}
33 exec ssh "$server" "$user"
37 ## Connect to the local tripe server.
38 exec $tripectl SVCSUBMIT connect passive "$2"
42 ## Anything else is an error.
43 echo >&2 "usage: $0 -c [SERVER:]PEER"