"on-the-fly" SSH Port Forwarding
Damien Miller
djm at mindrot.org
Sun Sep 7 21:21:52 EST 2008

On Sun, 7 Sep 2008, Chris Mason wrote:
> Hi,
>
> I am using the following version of OpenSSH for reference:
>
> root at proxy:/root# ssh -V
> OpenSSH_4.8, OpenSSL 0.9.7j 04 May 2006
>
> root at proxy:/root# uname -a
> OpenBSD proxy.localdomain 4.3 GENERIC#698 i386
>
> I am developing an application which uses on-the-fly SSH port forwarding
> by using the "~C" escape sequence to add local port forwards when needed
> (through Expect). It would appear that there is no option to remove
> local port forwards and only remote port forwards:
>
> ssh> -h
> Commands:
> -L[bind_address:]port:host:hostport Request local forward
> -R[bind_address:]port:host:hostport Request remote forward
> -KR[bind_address:]port Cancel remote forward
>
> I am hitting scalability issues as I am not able to cancel local
> forwards and after about 251 tunnels I am unable to add any more. (I am
> assuming this is platform/machine dependent as it complains about "No
> buffer space").

Could you please send a debug trace of this happening? ("ssh -vvv")
There is IIRC a fixed limit to the number of forwards that you can
establish, but it should give at least a more friendly error message.

> How come there isn't an option to remove local forwards when there is to
> remove remote ones? Is this by design or something that was never
> implemented?

It was never implemented, but probably would be quite easy to do.

Another option, which would probably be way better for your application
is to use the dynamic/SOCKS port forwarding and possibly a small helper
application.

Still another option is to implement addition/removal of port-forwards
via the control multiplexing socket. This has been on my TODO list for
quite a while.

-d