Portforwarding using the control master.

dvorak dvorak at xs4all.nl
Fri Jun 20 00:10:03 EST 2008


> Hi Dvorak,
> 
> On Thu, Jun 19, 2008 at 2:25 PM, dvorak <dvorak at xs4all.nl> wrote:
> 
> > Any comments?
> 
> If I understand you correctly, you wish to forward connections from a
> unix domain socket on a local machine to network ports on a remote
> machine. And given that in most situations, clients will have been
> written to connect to network ports, you'll write a patch for socat
> allowing for network ports on a local machine to be forwarded to the
> unix domain socket in question.
> 
> But while socat is running in this capacity, how will this provide any
> greater security than the current network-port-to-network-port
> forwardings?

If the other side of socat is a normal listening socat, this is indeed the
case. However, if used with, for instance, the ssh ProxyCommand, it is just
one connection without a locally listening counterpart.

My intended usage is something like:

ssh -o "ProxyCommand socat - SSH-SOCKS:/path/to-master:%h:%p" user@box2


> 
> Hamish
> 
Dvorak



More information about the openssh-unix-dev mailing list