Can I set up a 'before hook' on certain SSH hosts?

Question

I have several hosts in my ~/.ssh/config file, some of which are on my work network. Before accessing those, I need to authenticate myself on that network by running kinit, but I often forget to do that.

Is there a command to run kinit in a 'before hook' on those SSH hosts?

Answer 1

I'm not sure there's exactly such a thing as a 'before hook', but I can see two hacks that could achieve the a similar effect.

Bash Functions (in some init file like .bashrc, .profile, etc)

ssh () 
{ 
    echo "do this before ssh'ing"
    command ssh "$@"
}

The other possibility that I can think on would be the ProxyCommand option. In your ~/.ssh/config:

Host *
  ProxyCommand sh -c 'kinit >&2 && nc %h %p'

Couple of salient points:

• If you're going to do this, I'd recommend replacing the raw kinit, with a script (ensure_kinit.sh perhaps) which checks if running kinit is necessary, and if so running it.
• If you choose the second option, ensure that you redirect stdout to stderr; stdin and stdout should be kept for SSH Protocol network messages.
• The latter method will work for other commands such as git, and scp, which use ssh to communicate, while the former will only work for ssh.