[Bug 1327] New: The limit of 100 forwarded ports is arbitrary and unnecessary
bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 3 00:26:04 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1327
Summary: The limit of 100 forwarded ports is arbitrary and unnecessary
Product: Portable OpenSSH
Version: 4.6p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P1
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: archie at dellroad.org

Subject line says it all.

The limit of 100 forwarded ports (e.g., using "-L" flag) is arbitrary
and unnecessary. It is an example of what John Ousterhout would call a
"voodoo constant", i.e., a value randomly chosen by a developer at some
point in time without any basis in science or measurement. It is an
example of the frowned-upon practice of encoding policy into software
(software should encode mechanisms... policy should be left to config
files, command line flags, etc. (i.e., a human)).

This limitation is like having a law stating that you are not allowed
to buy more than 5 dozen eggs at the supermarket. Sure, most people
don't buy more than 60 eggs at a time, but does that mean there needs
to be a law against it?

Motivation: at my company we use SSH port forwarding as part of a cheap
and dirty VPN scheme to establish contact between many machines. Now
that there are more than 100 other machines out there, this scheme has
stopped working. All because of a completely artificial and unnecessary
limit.

This limitation is easily worked around, of course: just start two or
more SSH sessions. Kind of like going to the store twice in a row to buy
120 eggs by buying 60 eggs twice. This of course is just more evidence
that this limitation is useless.

So at the minimum, please make this limit configurable in
/etc/ssh/ssh_config, or better yet get rid of it altogether. The UNIX
O/S already has mechanisms in place to limit resource utilization by
individual accounts. SSH doesn't need to apply its own additional,
arbitrary limitation.

Thanks!