rsbecker at nexbridge.com
2022-Jan-13 23:11 UTC
Feature Request: socket-passing support in ssh client
On January 13, 2022 6:01 PM, Darren Tucker wrote:
> On Fri, 14 Jan 2022 at 03:17, Chris Mitchell <ssh-list at chris.oldnest.ca> wrote:
>
> > What I hope to accomplish is on-demand activation of ssh port forwards.
> > I gather that the OpenSSH server's -i flag is essentially what I'm
> > looking for, in which something like inetd or systemd already has port
> > 22 open and passes it to sshd at launch. As far as I understand
> > things, the OpenSSH *client* has no similar capability, which is
> > unsurprising given that it's not a server. ;-)
>
> It's not exactly what you ask for later, but it's the exact counterpart for sshd -i: you
> can run ssh under inetd (or similar) in "netcat mode" (-W), where it will pass data
> on stdin/out to a remote port forward. You'd put something like this in inetd.conf:
>
>     ssh -W destinationhost:port intermediatehost
>
> and set it up with passwordless auth. This will bring up the connection on demand,
> but the caveat is that there will be one SSH connection per forwarded TCP
> connection, not many multiplexed TCP connections within a single SSH
> connection. I've used this construction in the past for various shenanigans such as
> routing low-volume mail and accessing backup servers between networks without
> direct connections.

For multiplexed connections, would not local port forwarding be a better architecture? It does not pass off sockets but allows on-demand access.

--Randall
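
An added illustration, not part of the original messages: the inetd-style `ssh -W` setup quoted above, written as a systemd socket unit with `Accept=yes`, plus the server-side key restriction that keeps the passwordless key limited to this one forward. Unit names, the `sshfwd` account, the key path, the listen address and the `/usr/bin/ssh` path are assumptions; `destinationhost:port` and `intermediatehost` are the placeholders from the message.

```ini
# --- /etc/systemd/system/ssh-fwd.socket (hypothetical unit name) ---
[Unit]
Description=On-demand listener handed to ssh -W

[Socket]
# Constructed value: bind to loopback so only local processes reach the forward.
ListenStream=127.0.0.1:8025
# inetd-style activation: one service instance per accepted TCP connection,
# which is why each forwarded connection gets its own SSH connection.
Accept=yes

[Install]
WantedBy=sockets.target

# --- /etc/systemd/system/ssh-fwd@.service (template, one instance per connection) ---
[Unit]
Description=ssh -W forward for a single accepted connection

[Service]
# Hypothetical unprivileged account that owns the dedicated key.
User=sshfwd
# BatchMode makes ssh fail instead of prompting, since there is no terminal.
# IdentitiesOnly stops ssh from offering any key other than the one named.
ExecStart=/usr/bin/ssh -o BatchMode=yes -o IdentitiesOnly=yes \
    -i /home/sshfwd/.ssh/id_fwd -W destinationhost:port intermediatehost
# The accepted connection becomes ssh's stdin and stdout, as under inetd.
StandardInput=socket
StandardOutput=socket
# Keep ssh diagnostics out of the forwarded byte stream.
StandardError=journal

# --- On intermediatehost, in the account's ~/.ssh/authorized_keys ---
# Limit the passphrase-less key to this single forward (one line, key elided):
#   restrict,port-forwarding,permitopen="destinationhost:port" ssh-ed25519 AAAA... sshfwd
```
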
Chris Mitchell
2022-Jan-14 17:45 UTC
Feature Request: socket-passing support in ssh client
On Thu, 13 Jan 2022 18:11:20 -0500 <rsbecker at nexbridge.com> wrote:
> For multiplexed connections, would not local port forwarding be a
> better architecture? It does not pass off sockets but allows
> on-demand access. --Randall

I must admit I don't really get what you're suggesting. When you say "local port forwarding", do you mean the "ssh -L" option? Because if that allows the kind of on-demand access I've described, I'd be grateful if you could explain how to do it. Or do you mean some other tool to forward one or more local ports to the one local port that ssh is already forwarding to the remote host? (Does that even make sense?) Or something else again?

And I may have made an A/B error talking about passing off sockets. Passing sockets is not an objective per se, but rather in my limited understanding I had assumed it was "the" way to achieve the kind of on-demand port forwarding I'm after.

Cheers!
-Chris