port forwarding trouble

Darren Tucker dtucker at zip.com.au
Fri Aug 5 00:41:37 EST 2005


Sergio Gelato wrote:
> * Frederik Eaton [2005-08-02 17:39:59 +0100]:
>>Also, I don't think that the "host at port" syntax suggested in the bug
>>comments is a good idea. 
> 
> At the very least it should be port at host. There is precedent for that,
> e.g. in FlexLM LM_LICENSE_FILE environment variables.

Why is that better than host at port?  I would bet there's precedent for 
that somewhere too.

[...]
> I'm not sure about URLs, but various tools simply require square
> brackets around the IPv6 address, as in
> 	[0:1:2:3:4:5:6:7]:port

That would be OK for new entries but it's not backward compatible with 
existing known_hosts files.

Once you add an optional ":port" I don't see how it's possible to 
reliably distinguish between IPv6 addresses created by old versions and 
host:port identifiers created by new versions.

> For example, this (minus the port number) is what you are supposed to
> do in /etc/hosts.allow. Implementations differ as to whether one needs
> [fe80::]/10 or [fe80::/10] for network prefixes, but I think the former
> is winning.

OpenSSH already understands that notation, eg for ListenAddress (minus 
the network prefix, I think).

>>A brief search indicated "host.:port" might be used somewhere. 
>>But "host:port" is so common that it would be better to use a different
>>notation only when 'host' is IPv6. "@" is especially bad, because it
>>makes it look like the host is a user.

They're host keys, I don't see how the identifiers could be confused 
with a user. There's no reference to users at all in known_hosts.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
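
The ambiguity raised in the message above, worked through as an added example (not part of the original post and not OpenSSH code): it lists every (host, port) meaning a known_hosts host field could have if an optional ":port" suffix were allowed. The parsing rule, the function names and the sample entries are assumptions made for illustration.

```python
import ipaddress

DEFAULT_PORT = 22

def is_ipv6(text):
    """True if text is a syntactically valid IPv6 address."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def parse_port(text):
    """Return the port as int, or None if text is not a decimal port 1-65535."""
    if text.isascii() and text.isdigit() and 1 <= int(text) <= 65535:
        return int(text)
    return None

def readings(entry):
    """All (host, port) meanings of one known_hosts host field under a
    hypothetical rule that allows an optional ':port' suffix."""
    found = set()
    if entry.startswith("["):
        # Bracketed form: the closing bracket marks where the host ends.
        host, closed, rest = entry[1:].partition("]")
        if closed and rest == "":
            found.add((host, DEFAULT_PORT))
        elif closed and rest.startswith(":") and parse_port(rest[1:]):
            found.add((host, parse_port(rest[1:])))
        return found
    # Old-style reading: the whole field is the host (name, IPv4 or IPv6).
    if ":" not in entry or is_ipv6(entry):
        found.add((entry, DEFAULT_PORT))
    # New-style reading: whatever follows the last colon is a port.
    head, colon, tail = entry.rpartition(":")
    port = parse_port(tail)
    if colon and head and port and (":" not in head or is_ipv6(head)):
        found.add((head, port))
    return found

# Constructed sample entries using the IPv6 documentation prefix.
SAMPLES = ["example.com:2222", "2001:db8::1:2222",
           "[2001:db8::1]:2222", "1:2:3:4:5:6:7:8", "::1"]

if __name__ == "__main__":
    for field in SAMPLES:
        print(f"{field:22} -> {sorted(readings(field))}")
```

An entry with more than one reading cannot be attributed to a single host key owner; in this model only "::"-compressed IPv6 addresses whose last group is all decimal digits collide, and the bracketed form never does.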




More information about the openssh-unix-dev mailing list