[Bug 2393] New: Remote dynamic port forwarding for OpenSSH client

bugzilla-daemon at mindrot.org
Tue May 5 02:59:36 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2393

            Bug ID: 2393
           Summary: Remote dynamic port forwarding for OpenSSH client
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: All
               URL: http://d3s.mff.cuni.cz/~steinhauser/openssh.html
                OS: All
            Status: NEW
          Keywords: openbsd, patch
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: steinhauser.anthony at gmail.com

Created attachment 2615
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2615&action=edit
Remote dynamic port forwarding patch against OpenSSH Portable
70860b6d07

It would be nice to have the fourth combination of static/dynamic and
local/remote TCP port forwarding. Local static (-L), remote static (-R)
and local dynamic (-D) combinations are already supported. What is
missing is the remote dynamic port forwarding.

Remote dynamic port forwarding would be useful to extend the possibilities
and deployability of both remote static port forwarding and local
dynamic port forwarding.

Remote static port forwarding allows clients to reach a particular TCP
port on their client machine from a remote SSH session. With remote
dynamic port forwarding clients would be able to execute arbitrary
programs on a remote SSH server completely retaining their TCP
connectivity and network identity. If their TCP payload doesn't support
the SOCKS protocol natively, it can be packed into SOCKS requests with a
SOCKS wrapper such as proxychains or socksify. Similarly, using remote
static port forwarding clients can publish a single service on the SSH
server. With remote dynamic port forwarding they would be able to
publish their whole connectivity to all users of the SSH server or even
to all those who have access to a particular TCP port on the server.

Local dynamic port forwarding enables clients to use basically any SSH
server as a SOCKS proxy server. However, sometimes it's not possible to
operate an SSH server on a particular machine (due to firewall
constraints, impossibility to bind sockets to privileged ports, etc.).
Remote dynamic port forwarding allows the potential proxy servers to
circumvent the condition of running an SSH server by running just an
SSH client. Local dynamic port forwarding allows clients to assume the
connectivity and network identity of the SSH server. Remote dynamic
port forwarding in combination with local static port forwarding allows
clients to assume also the connectivity and network identity of fellow
SSH clients.

There is already a patch against OpenSSH portable (commit
70860b6d07461906730632f9758ff1b7c98c695a) that provides remote dynamic
port forwarding support.

http://d3s.mff.cuni.cz/~steinhauser/openssh.html
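
What makes a forward "dynamic" is that each connection names its own destination in a SOCKS request instead of using the fixed target of -L/-R. As an added example (not part of the bug report or the attached patch), this parses a SOCKS5 request per RFC 1928 so the requested destination can be logged or checked against policy; the function name, constants and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

COMMANDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}
FIXED_LEN = {1: 4, 4: 16}  # ATYP 1 = IPv4, ATYP 4 = IPv6


class SocksError(ValueError):
    """Malformed, truncated or unsupported SOCKS5 request."""


def parse_socks5_request(buf: bytes):
    """Return (command, host, port, bytes_consumed) for one RFC 1928 request.

    This is the message sent after method negotiation:
    VER CMD RSV ATYP DST.ADDR DST.PORT
    """
    if len(buf) < 4:
        raise SocksError("truncated header")
    ver, cmd, rsv, atyp = buf[:4]
    if ver != 5 or rsv != 0:
        raise SocksError("not a SOCKS5 request")
    if cmd not in COMMANDS:
        raise SocksError(f"unknown command {cmd}")
    off = 4
    if atyp in FIXED_LEN:
        alen = FIXED_LEN[atyp]
    elif atyp == 3:  # domain name: one length byte, then the name
        if len(buf) < 5 or buf[4] == 0:
            raise SocksError("missing domain name")
        alen, off = buf[4], 5
    else:
        raise SocksError(f"unknown address type {atyp}")
    end = off + alen + 2
    if len(buf) < end:
        raise SocksError("truncated address or port")
    raw = buf[off:off + alen]
    if atyp == 3:
        try:
            host = raw.decode("ascii")
        except UnicodeDecodeError as exc:
            raise SocksError("non-ASCII domain name") from exc
    else:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", buf[end - 2:end])
    return COMMANDS[cmd], host, port, end


# Constructed sample requests (not captured traffic).
SAMPLE_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + b"\x01\xbb"
SAMPLE_NAME = b"\x05\x01\x00\x03\x10intranet.example\x1f\x90"
```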
