[Bug 2393] New: Remote dynamic port forwarding for OpenSSH client
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue May 5 02:59:36 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2393
Bug ID: 2393
Summary: Remote dynamic port forwarding for OpenSSH client
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
URL: http://d3s.mff.cuni.cz/~steinhauser/openssh.html
OS: All
Status: NEW
Keywords: openbsd, patch
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: steinhauser.anthony at gmail.com
Created attachment 2615
--> https://bugzilla.mindrot.org/attachment.cgi?id=2615&action=edit
Remote dynamic port forwarding patch against OpenSSH Portable
70860b6d07
It would be nice to have the fourth combination of static/dynamic and
local/remote TCP port forwarding. Local static (-L), remote static (-R)
and local dynamic (-D) combinations are already supported. What is
missing is the remote dynamic port forwarding.
Remote dynamic port forwarding would be useful to extend possibilities
and deployability of both remote static port forwarding and local
dynamic port forwarding.
Remote static port forwarding allows client to reach a particular TCP
port on their client machine from a remote SSH session. With remote
dynamic port forwarding clients would be able to execute arbitrary
programs on a remote SSH server completely retaining their TCP
connectivity and network identity. If their TCP payload doesn't support
SOCKS protocol natively, it can be packed into SOCKS requests with a
SOCKS wrapper such as proxychains or socksify. Similarly, using remote
static port forwarding clients can publish a single service on the SSH
server. With remote dynamic port forwarding they would be able to
publish their whole connectivity to all users of the SSH server or even
to all those, who have access to a particular TCP port on the server.
Local dynamic port forwarding enables clients to use basically any SSH
server as a SOCKS proxy server. However, sometimes it's not possible to
operate an SSH server on a particular machine (due to firewall
constrains, impossibility to bind sockets to privileged ports, etc.).
Remote dynamic port forwarding allows the potential proxy servers to
circumvent the condition of running an SSH server with running just an
SSH client. Local dynamic port forwarding allows clients to assume the
connectivity and network identity of the SSH server. Remote dynamic
port forwarding in combination with local static port forwarding allows
clients to assume also the connectivity and network identity of fellow
SSH clients.
There is already a patch against OpenSSH portable (commit
70860b6d07461906730632f9758ff1b7c98c695a) that provides remote dynamic
port forwarding support.
http://d3s.mff.cuni.cz/~steinhauser/openssh.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list