Feature Request: socket-passing support in ssh client

Peter Moody mindrot at hda3.com
Fri Jan 14 04:04:46 AEDT 2022


I could be misunderstanding your use-case, but ssh has a
ProxyUseFdpass option where it can accept an already-connected socket.

On Thu, Jan 13, 2022 at 8:19 AM Chris Mitchell
<ssh-list at chris.oldnest.ca> wrote:
>
> Hi all,
>
> My apologies if what I'm looking for is already possible. If that is
> the case, I would gratefully welcome pointers to where in the
> documentation to find it and/or key words to search for.
>
> What I hope to accomplish is on-demand activation of ssh port forwards.
> I gather that the OpenSSH server's -i flag is essentially what I'm
> looking for, in which something like inetd or systemd already has port
> 22 open and passes it to sshd at launch. As far as I understand things,
> the OpenSSH *client* has no similar capability, which is unsurprising
> given that it's not a server.  ;-)
>
> For the use case where I want to use an SSH port forward to access a
> remote service on a regular-ish (but not "always-on") basis, it doesn't
> really make sense to try to hold that tunnel open all the time with
> keepalives and timeouts and restarts and such. But setting it up
> manually each time is suboptimal, especially for someone who uses
> numerous such tunnels, e.g. to access a bunch of web-based management
> interfaces behind a firewall. As far as I know, current capabilities
> don't allow any reasonable on-demand automated solution.
>
> It would be really cool if I could have a meta-server listening
> on the local port right from boot, and then on access to that port it
> would invoke something like:
> /usr/bin/ssh -N -T -L localhost:12345:localhost:12345 user at server
> ...but with some equivalent to sshd's "-i" flag, so that the
> ssh client would accept being passed local port 12345 instead of trying
> to open it itself and erroring out because it's already in use.
>
> In my particular use-case I would use a systemd socket unit for this,
> but if I'm not mistaken xinetd could fulfill that role too, so what
> I'm looking for is platform-independent and doesn't introduce any
> systemd dependencies. Finally, it would be convenient if it could take
> the local socket from the command line rather than requiring custom
> entries in /etc/services, but that's a minor detail.
>
> Does that make sense?
>
> Cheers!
>  -Chris
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
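The ProxyUseFdpass mechanism Peter points at, as an added example (not code from the thread or from OpenSSH): a ProxyCommand that opens the connection itself and hands the connected socket back to ssh over SCM_RIGHTS, with the receiving side written out as well so the exchange can be exercised locally. It assumes an ssh_config entry of `ProxyUseFdpass yes` together with `ProxyCommand /usr/local/bin/fdpass_proxy.py %h %p` (script path assumed).

```python
"""ProxyCommand for ssh's ProxyUseFdpass=yes (added example, not from the thread).

With `ProxyUseFdpass yes` ssh runs the ProxyCommand with stdout attached to an
AF_UNIX socketpair and expects it to connect to the server and hand the
connected socket back over SCM_RIGHTS rather than relay bytes (Python 3.9+).
"""
import socket
import sys


def connect_and_pass_fd(host: str, port: int, out_fd: int = 1) -> None:
    """Connect to host:port and pass the socket over out_fd (stdout for ssh).
    out_fd must be AF_UNIX: SCM_RIGHTS only works on Unix-domain sockets."""
    conn = socket.create_connection((host, port))
    out = socket.socket(fileno=out_fd)  # wrap without taking ownership
    try:
        # One payload byte is required; the fd travels as ancillary data and
        # is duplicated into the receiving process at delivery time.
        socket.send_fds(out, [b"\0"], [conn.fileno()])
    finally:
        out.detach()  # keep out_fd itself open for the parent
    conn.close()  # our copy is redundant once the receiver holds its own


def receive_passed_fd(unix_sock: socket.socket) -> socket.socket:
    """Receiving side, i.e. what ssh does internally with ProxyUseFdpass."""
    _msg, fds, _flags, _addr = socket.recv_fds(unix_sock, 1, 1)
    if not fds:
        raise RuntimeError("ProxyCommand did not pass a file descriptor")
    return socket.socket(fileno=fds[0])


def local_roundtrip(payload: bytes = b"hello over passed fd") -> bytes:
    """Offline self-test: a constructed local 'server' and a socketpair that
    stands in for ssh's stdout; returns what the server read via the passed fd."""
    server = socket.create_server(("127.0.0.1", 0))
    port = server.getsockname()[1]
    ssh_side, proxy_side = socket.socketpair()
    connect_and_pass_fd("127.0.0.1", port, proxy_side.fileno())
    passed = receive_passed_fd(ssh_side)  # ssh's handle on the connection
    accepted, _ = server.accept()
    passed.sendall(payload)
    got = accepted.recv(len(payload))
    for s in (passed, accepted, server, ssh_side, proxy_side):
        s.close()
    return got


if __name__ == "__main__":  # ssh invokes: ProxyCommand fdpass_proxy.py %h %p
    connect_and_pass_fd(sys.argv[1], int(sys.argv[2]))
```

Note that this hands ssh the outbound connection to the server; it is not the inbound listening socket for a -L forward that Chris describes, so it covers the fd-passing part of the request but not the socket-activated local port.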

