stdio to port forward?
Damien Miller
djm at mindrot.org
Mon May 24 19:05:46 EST 2004
Jefferson Ogata wrote:
> Darren Tucker wrote:
>
>>Well, the "fast" option is to use connect/netcat:
>>
>>ssh -o 'Proxycommand ssh bastion connect yourhost 22' yourhost
>>
>>The disadvantage is you need connect or netcat on the bastion host. (I
>>also had problems with netcat not exiting but apparently recent
>>versions don't do that).
>
> It also fails, on its own, to allow port forwarding without giving the user a
> shell, which I understood to be one of the basic goals.
One could use an authorized_keys file with command="nc host 22".
If you don't trust the bastion, then you should definitely be using
pubkey authentication anyway: it binds to the session id and thus the
server's host key, making MITM nearly impossible (assuming the client
already knows about the server's host key).
-d
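
Added example, not part of the original message or of OpenSSH: a small audit of a bastion account's authorized_keys that flags keys which get a shell (no command=) or whose forced command still leaves pty, port, agent or X11 forwarding open. The function names, the sample file and its key blobs are constructed for illustration; the option names are the standard sshd authorized_keys options, with "restrict" assumed available (OpenSSH 7.2 and later).

```python
import re

# Options that close what a forced command alone leaves open.
REQUIRED = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")

def split_options(line):
    """Return (options, rest) for one authorized_keys line; names lowercased."""
    if KEY_TYPE.match(line):
        return {}, line                      # line has no options field
    opts, buf, in_quote, i = {}, "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and line[i + 1:i + 2] == '"':
            buf += '"'; i += 2; continue     # escaped quote inside a value
        if c == '"':
            in_quote = not in_quote
        elif not in_quote and c in ", \t":
            if buf:
                name, _, value = buf.partition("=")
                opts[name.lower()] = value
            buf = ""
            if c != ",":
                break                        # unquoted whitespace ends the options
        else:
            buf += c
        i += 1
    return opts, line[i:].strip()

def audit(text):
    """Return [(line_no, problem)] for keys that allow more than the relay."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, _ = split_options(line)
        if "command" not in opts:
            findings.append((n, "no forced command: key gets a shell"))
            continue
        if "restrict" in opts:               # flag anything re-enabled after restrict
            missing = {r for r in REQUIRED if r[3:] in opts}
        else:
            missing = REQUIRED - opts.keys()
        if missing:
            findings.append((n, "missing " + ",".join(sorted(missing))))
    return findings

SAMPLE = '''# constructed sample; key blobs are placeholders
command="nc host 22",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAEXAMPLEKEY1 relay-only
ssh-rsa AAAAEXAMPLEKEY2 full-shell
command="nc host 22" ssh-rsa AAAAEXAMPLEKEY3 relay-with-forwarding
restrict,command="nc host 22" ssh-ed25519 AAAAEXAMPLEKEY4 relay-restrict
'''
```

Running audit(SAMPLE) reports line 3 (shell access) and line 4 (forced command present, but forwarding and pty not disabled).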