openssh bugs - May 2015 - [Bug 2393] New: Remote dynamic port forwarding for OpenSSH client

https://bugzilla.mindrot.org/show_bug.cgi?id=2393

            Bug ID: 2393
           Summary: Remote dynamic port forwarding for OpenSSH client
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: All
               URL: http://d3s.mff.cuni.cz/~steinhauser/openssh.html
                OS: All
            Status: NEW
          Keywords: openbsd, patch
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: steinhauser.anthony at gmail.com

Created attachment 2615
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2615&action=edit
Remote dynamic port forwarding patch against OpenSSH Portable
70860b6d07

It would be nice to have the fourth combination of static/dynamic and
local/remote TCP port forwarding. Local static (-L), remote static (-R)
and local dynamic (-D) combinations are already supported. What is
missing is the remote dynamic port forwarding.

Remote dynamic port forwarding would be useful to extend possibilities
and deployability of both remote static port forwarding and local
dynamic port forwarding.

Remote static port forwarding allows client to reach a particular TCP
port on their client machine from a remote SSH session. With remote
dynamic port forwarding clients would be able to execute arbitrary
programs on a remote SSH server completely retaining their TCP
connectivity and network identity. If their TCP payload doesn't support
SOCKS protocol natively, it can be packed into SOCKS requests with a
SOCKS wrapper such as proxychains or socksify. Similarly, using remote
static port forwarding clients can publish a single service on the SSH
server. With remote dynamic port forwarding they would be able to
publish their whole connectivity to all users of the SSH server or even
to all those, who have access to a particular TCP port on the server.

Local dynamic port forwarding enables clients to use basically any SSH
server as a SOCKS proxy server. However, sometimes it's not possible to
operate an SSH server on a particular machine (due to firewall
constrains, impossibility to bind sockets to privileged ports, etc.).
Remote dynamic port forwarding allows the potential proxy servers to
circumvent the condition of running an SSH server with running just an
SSH client. Local dynamic port forwarding allows clients to assume the
connectivity and network identity of the SSH server. Remote dynamic
port forwarding in combination with local static port forwarding allows
clients to assume also the connectivity and network identity of fellow
SSH clients.

There is already a patch against OpenSSH portable (commit
70860b6d07461906730632f9758ff1b7c98c695a) that provides remote dynamic
port forwarding support.

http://d3s.mff.cuni.cz/~steinhauser/openssh.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2393

Andreas Gnau <Rondom at Rondom.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Rondom at Rondom.de

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2393

Andreas Gnau <Rondom at Rondom.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Andreas Gnau <Rondom at Rondom.de> ---
This is implemented in 7.6.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2393

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.