"on-the-fly" SSH Port Forwarding
djm at mindrot.org
Sun Sep 7 21:21:52 EST 2008
On Sun, 7 Sep 2008, Chris Mason wrote:
> I am using the following version of OpenSSH for reference:
> root@proxy:/root# ssh -V
> OpenSSH_4.8, OpenSSL 0.9.7j 04 May 2006
> root@proxy:/root# uname -a
> OpenBSD proxy.localdomain 4.3 GENERIC#698 i386
> I am developing an application which uses on-the-fly SSH port forwarding
> by using the "~C" escape sequence to add local port forwards when needed
> (through Expect). It would appear that there is no option to remove
> local port forwards and only remote port forwards:
> ssh> -h
> -L[bind_address:]port:host:hostport Request local forward
> -R[bind_address:]port:host:hostport Request remote forward
> -KR[bind_address:]port Cancel remote forward
> I am hitting scalability issues as I am not able to cancel local
> forwards and after about 251 tunnels I am unable to add any more. (I am
> assuming this is platform/machine dependent as it complains about "No
> buffer space").
Could you please send a debug trace of this happening? ("ssh -vvv")
There is IIRC a fixed limit to the number of forwards that you can
establish, but it should give at least a more friendly error message.
> How come there isn't an option to remove local forwards when there is to
> remove remote ones? Is this by design or something that was never
It was never implemented, but probably would be quite easy to do.
Another option, which would probably be way better for your application
is to use the dynamic/SOCKS port forwarding and possibly a small helper
Still another option is to implement addition/removal of port-forwards
via the control multiplexing socket. This has been on my TODO list for
quite a while.
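
A client-side helper for the dynamic/SOCKS option suggested above, as an added example that is not part of the original message or of OpenSSH: with one `ssh -D` listener, each destination is requested per connection with a SOCKS5 CONNECT (RFC 1928) instead of adding another `-L` forward. The function names and the 127.0.0.1:1080 listener address are assumptions.

```python
import socket

def build_greeting() -> bytes:
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
    return b"\x05\x01\x00"

def build_connect_request(host: str, port: int) -> bytes:
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), then len+name+port.
    # Sending the name lets the far end of the SSH session do the DNS lookup.
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("SOCKS proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock: socket.socket, host: str, port: int) -> None:
    """Negotiate a CONNECT on a socket already connected to the ssh -D port."""
    sock.sendall(build_greeting())
    if _recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Consume BND.ADDR and BND.PORT so the stream starts at application data.
    addr_len = _recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}.get(atyp)
    if addr_len is None:
        raise ConnectionError(f"unknown address type {atyp} in reply")
    _recv_exact(sock, addr_len + 2)

def open_via_ssh_socks(host, port, proxy=("127.0.0.1", 1080), timeout=10.0):
    # Assumes `ssh -D 1080 user@gateway` is already running (constructed address).
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        socks5_handshake(sock, host, port)
    except Exception:
        sock.close()
        raise
    return sock
```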