Port Forward Limit?

Todd Morgan bamamorgans at gmail.com
Sat Sep 27 07:12:20 EST 2014


We have our own internal set of utilities, we'll call it "myssh." We have
one central server that receives ssh connections from client servers. Each
client server is then associated with a port on that central server. myssh
(just a wrapper around ssh) pulls back all of the ports in use to our
local machine. Each port is then associated with a hostname. So we just use
the utility in place of ssh and it maps the port.


So instead of "ssh -p 12345 localhost" it would be "myssh client.server.com"

One of the switches for "myssh" allows us to pull ports for a group of
servers instead of all of them. If we use that switch and pull back a few
hundred at a time, we're fine. It looks like it has a problem right around
2300 ports.

On Fri, Sep 26, 2014 at 9:11 PM, Todd Morgan <bamamorgans at gmail.com> wrote:

> We have our own internal set of utilities, we'll call it "myssh." We have
> one central server that receives ssh connections from client servers. Each
> client server is then associated with a port on that central server. myssh
> (just a wrapper around ssh) pulls back all of the ports in use to our
> local machine. Each port is then associated with a hostname. So we just use
> the utility in place of ssh and it maps the port.
>
>
> So instead of "ssh -p 12345 localhost" it would be "myssh
> client.server.com"
>
> One of the switches for "myssh" allows us to pull ports for a group of
> servers instead of all of them. If we use that switch and pull back a few
> hundred at a time, we're fine. It looks like it has a problem right around
> 2300 ports.
>
> On Fri, Sep 26, 2014 at 9:00 PM, Christian Hesse <mail at eworm.de> wrote:
>
>> Todd Morgan <bamamorgans at gmail.com> on Fri, 2014/09/26 15:01:
>> > At my company we use port forwarding as an alternative to VPN. In previous
>> > releases of openssh (pre 6.0) we could run a script and fetch the thousands
>> > of forwards to our local machine to connect to remote machines. Since
>> > openssh 6.x, whenever we run the same script we get a buffer overflow error.
>>
>> Did not take a look at your issue, but (if I understand your needs
>> correctly) using sshuttle [0] may be an option.
>>
>> Buffer overflow should not occur, though...
>>
>> [0] https://github.com/apenwarr/sshuttle
>> --
>> Kind regards
>> Chris
>>                          O< ascii ribbon campaign
>>                    stop html mail - www.asciiribbon.org
>>
>
>


More information about the openssh-unix-dev mailing list