Dynamic Remote Port forward?

Markus Friedl mfriedl at gmail.com
Mon May 9 05:04:04 AEST 2016


I have an ugly patch for that feature that requires protocol modification. 

> Am 04.05.2016 um 23:32 schrieb Rogan Dawes <rogan at dawes.za.net>:
> 
> Hi folks,
> 
> I'm wondering if it is possible to set up a dynamic port forward (i.e.
> socks proxy), where the listening socket is actually on the server rather
> than the client as is currently the case for -D ?
> 
> A possible use case is providing a deeply firewalled box with an outbound
> SOCKS proxy, but only while an inbound ssh connection is active.
> 
> Or, in my particular case, I have many routers running OpenWRT, using
> sshtunnel to establish a persistent connection to my central server. I want
> to be able to reach systems behind the gateways.
> 
> I currently have the sshtunnel configuration set up as follows:
> 
> On the router:
> 
> ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn@central
> 
> In this way, should I want to connect to a system behind the router, I can
> first establish a new SSH connection back to the router itself, from the
> central server:
> 
> ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 1080 root@gateway-xxxx
> 
> and then use the socks proxy on port 1080 to reach the remote devices.
> 
> This is workable, but somewhat clumsy, in my opinion.
> 
> My ideal scenario would be something like the following, run on the router:
> 
> ssh -o StreamLocalBindUnlink=yes -nN -RD /sshvpn/gateway-xxxx sshvpn@central
> 
> which would allow a process on the central server to establish a connection
> through the socks server listening at /sshvpn/gateway-xxxx, with
> connections outbound from the router itself.
> 
> Obviously the "-DR" option is nonsense, and should be changed to a suitable
> single character option, I'm just not sure what is available right now! :-)
> 
> Thoughts?
> 
> Rogan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
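Added example by the editor, not OpenSSH code and not something either poster wrote: a minimal SOCKS5 CONNECT proxy (RFC 1928, no authentication, DOMAINNAME addresses) that listens on a Unix socket the way the requested "remote -D" listener would, plus the client-side handshake a program on the central server would perform against it. It assumes a workaround that the thread does not itself propose: run such a proxy on the router, bound to a local Unix socket, and publish that socket on the central server with an ordinary reverse forward of the form `ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:/run/socks.sock sshvpn@central` (the `/run/socks.sock` path is an assumption). Outbound connections then leave from the router, which is the effect asked for. The proxy offers only the no-auth method, so whoever can open the socket on central gets the router's outbound reach; the socket's filesystem permissions (sshd applies StreamLocalBindMask, default 0177) and the `sshvpn` account are the whole access control. The `demo()` function stands everything up on localhost with a constructed message and a throwaway path under /tmp so it can be run offline.

```python
import contextlib
import os
import socket
import threading

VER = 5  # SOCKS version byte (RFC 1928)

def _recv_exact(sock, n):
    buf = sock.recv(n, socket.MSG_WAITALL)  # block until n bytes or EOF
    if len(buf) < n:
        raise ConnectionError("peer closed mid-message")
    return buf

def _pump(src, dst):  # relay one direction; EOF on src becomes a half-close on dst
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle_client(client):
    # Server side: no-auth method negotiation, one CONNECT request, then relay.
    def reply(rep):  # VER REP RSV ATYP=IPv4 BND.ADDR=0.0.0.0 BND.PORT=0
        client.sendall(bytes([VER, rep, 0, 1]) + bytes(6))
    with client:
        ver, nmethods = _recv_exact(client, 2)
        if ver != VER or 0 not in _recv_exact(client, nmethods):
            return client.sendall(bytes([VER, 0xFF]))  # no acceptable method
        client.sendall(bytes([VER, 0]))
        _ver, cmd, _rsv, atyp = _recv_exact(client, 4)
        if atyp != 3:  # DOMAINNAME only; the IPv4/IPv6 forms are left out here
            return reply(8)
        host = _recv_exact(client, _recv_exact(client, 1)[0]).decode("ascii")
        port = int.from_bytes(_recv_exact(client, 2), "big")
        if cmd != 1:
            return reply(7)  # only CONNECT is implemented
        try:
            upstream = socket.create_connection((host, port))  # leaves from this host
        except OSError as e:
            return reply(5 if isinstance(e, ConnectionRefusedError) else 4)
        with upstream:
            reply(0)
            t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            t.start()
            _pump(client, upstream)
            t.join()

def start_socks_server(unix_path):
    # Unlink a stale socket first (what StreamLocalBindUnlink=yes does for ssh),
    # then listen and serve each client on a thread; close() the result to stop.
    with contextlib.suppress(FileNotFoundError):
        os.unlink(unix_path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(unix_path)
    srv.listen(8)
    srv.settimeout(0.2)  # so the loop below notices close()
    def accept_loop():
        while srv.fileno() >= 0:
            with contextlib.suppress(OSError):  # accept() timeouts included
                conn, _ = srv.accept()
                threading.Thread(target=handle_client, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def socks5_connect(unix_path, host, port):
    # Client side (a SOCKS-aware program on central): returns (rep, sock), sock None unless rep == 0.
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(unix_path)
    s.sendall(bytes([VER, 1, 0]))  # offer one method: no authentication
    if _recv_exact(s, 2) != bytes([VER, 0]):
        raise ConnectionError("proxy rejected the no-auth method")
    hostb = host.encode("ascii")  # ATYP=3: let the proxy resolve the name
    s.sendall(bytes([VER, 1, 0, 3, len(hostb)]) + hostb + port.to_bytes(2, "big"))
    _ver, rep, _rsv, _atyp = _recv_exact(s, 4)
    _recv_exact(s, 6)  # BND.ADDR + BND.PORT in the IPv4 form this server sends
    return rep, (s if rep == 0 else s.close())  # close() yields None on refusal

def demo(message=b"ping from central"):
    # Localhost stand-ins: a TCP echo server for a device behind the router,
    # start_socks_server for the router-side listener, socks5_connect for the
    # central side. Returns (echoed bytes, REP of a second CONNECT made after
    # the echo listener is closed, which must be 5 = connection refused).
    echo = socket.create_server(("127.0.0.1", 0))
    port = echo.getsockname()[1]
    def echo_once():
        with echo.accept()[0] as conn:
            conn.sendall(_recv_exact(conn, len(message)))
    threading.Thread(target=echo_once, daemon=True).start()
    path = f"/tmp/sshvpn-demo-{os.getpid()}.sock"  # constructed throwaway path
    srv = start_socks_server(path)
    try:
        rep, s = socks5_connect(path, "127.0.0.1", port)
        with s:
            s.sendall(message)
            echoed = _recv_exact(s, len(message))
        echo.close()
        refused, _ = socks5_connect(path, "127.0.0.1", port)
        return echoed, refused
    finally:
        srv.close()
        os.unlink(path)
```

Calling `demo()` from a REPL returns `(b"ping from central", 5)`: the message comes back through the proxy, and the second CONNECT, made after the echo listener is gone, is answered with REP 5 rather than left hanging. In the real deployment the same `handle_client` would run on the router with `start_socks_server("/run/socks.sock")`, and the `-R` forward above would make central's `/sshvpn/gateway-xxxx` behave as the listener; `curl --socks5-hostname` style clients that send the DOMAINNAME form work against it, while clients that send raw IPv4/IPv6 addresses would need the two ATYP branches this sketch omits.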

