Piped output from SSH tunnel hangs?

Hi All,

When starting an SSH tunnel, piped output 'hangs' (on AIX) :

```
ssh -Nf -Llocalhost:22000:server:22 proxy | cat -vet -
... hangs ...
```

Does anybody know how to prevent this?

Of course, in my script I don't use the tunnel as I do in the example above. In my script the call to ssh is part of a function that does some checks. It's the output of those checks that I want to pipe to a logging function, something like :

```
function start_tcp_tunnel {
  # pre checks...
  ssh -Nf -Llocalhost:22000:server:22 proxy
  # post checks...
}

function log {
  # prefix every line read from stdin with a timestamp
  while read -r line ; do
    echo "$(date) $line"
  done
}

start_tcp_tunnel | log
```

Regards,
Willem.

The tunnel in ssh is a side-effect that should not change what ssh does without a tunnel. Other apps use the tunnel to get secure access between hosts. cat - hangs because you supply no input to ssh, tunnel or no. How is the tunnel working?

Thanks for your response. As I understand, the option '-N' makes it that ssh doesn't expect input. From the man page :

-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only).

In my script, I first use `ssh -Nf -Llocalhost:22000:server:22 proxy` to create the tunnel, then it executes sftp to upload files.

Regards,
Willem.

Well, sftp is secure, and needs no tunnel. Plain ftp will not tunnel, it is a multi-connection, address and port passing, old protocol. Unless you are addicted to old things, just scp and forget the tunnel.

I can't sftp/scp to the target server directly, it needs to go through 'proxy'

sftp and scp are ssh under the covers, so how do you get a tunnel? Oh, I see, the tunnel is on the proxy. It is a bit tragic to ssh inside ssh, double encryption load. Well, you could tunnel to a web or rcp port, but I suppose the other end might require ssh on that net. So, you want to sftp or scp through a tunnel. I suppose it should work, but the connection is coming from a different host than the certificate supports, so I see lots of problems. ssh is going to smell a rat and balk!

Now, you could ssh from client host to proxy, both a) setting up a tunnel from client host port y to proxy port x and b) ssh on proxy to set up a tunnel from proxy port x to target server web port, so you can hit http://client_host:y/file_name with wget. The two tunnels would be end to end, and http uses one port/connection and no host verification, and you can easily control the port.

Hi dhpickett,

It's like you wrote: 'that net' just offers an sftp service, no web port, etc.

But really, I don't think we're on the same page :) The purpose of my script is to upload files to an sftp server. The argument '-L' executes ssh (on the client) and tells it to listen on port 22000 and forward all traffic to 'proxy'; the ssh daemon on 'proxy' is then used to forward all traffic to 'server'. This is (and I'm sure you know this) basic forwarding. It works fine and we've been using it for a few weeks now.

The part that fails is when I try to capture the output of the function() that the ssh command is part of.

Thanks again for your replies.

Regards,
Willem.

Well, of course it hangs, being somewhat a daemon. Spin it off if missing with a log file of its own. Still think it is a bit wild running ssh inside an ssh tunnel, and surprising it works. sftp is just an ssh user interface.
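
The last reply's suggestion, giving the backgrounded tunnel a log file of its own, shown as an added example that is not part of the thread. It assumes the backgrounded ssh keeps the function's stdout open, which is what the hang in the question indicates; `sleep` stands in for ssh so the script runs offline, and `HOLD`, `TUNNEL_LOG` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: `sleep "$HOLD" &` is a stand-in for `ssh -Nf ...`, i.e. a child
# that moves to the background and keeps whatever descriptors it inherited.
HOLD=2                                        # constructed lifetime of the stand-in
TUNNEL_LOG="${TMPDIR:-/tmp}/tunnel.$$.log"    # hypothetical log file for the tunnel
trap 'rm -f "$TUNNEL_LOG"' EXIT

log() {                                       # timestamping reader, as in the thread
  while IFS= read -r line; do
    printf '%s %s\n' "$(date)" "$line"
  done
}

start_tunnel_inherit() {                      # shape of the function in the question
  echo "pre checks ok"
  sleep "$HOLD" &                             # stdout is still the pipe to log
  echo "post checks ok"
}

start_tunnel_detached() {                     # tunnel gets a log file of its own
  echo "pre checks ok"
  # In the real script this line would be:
  #   ssh -Nf -Llocalhost:22000:server:22 proxy </dev/null >>"$TUNNEL_LOG" 2>&1
  sleep "$HOLD" </dev/null >>"$TUNNEL_LOG" 2>&1 &
  echo "post checks ok"
}

# Whole seconds until the reader in `$1 | log` sees end-of-file on the pipe.
pipeline_seconds() {
  t0=$(date +%s)
  "$1" | log >/dev/null
  t1=$(date +%s)
  echo $((t1 - t0))
}

echo "inherited stdout: $(pipeline_seconds start_tunnel_inherit)s"   # waits for the child
echo "own log file:     $(pipeline_seconds start_tunnel_detached)s"  # returns at once
```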