Feature Request: socket-passing support in ssh client

Darren Tucker dtucker at dtucker.net
Fri Jan 14 10:01:29 AEDT 2022


On Fri, 14 Jan 2022 at 03:17, Chris Mitchell <ssh-list at chris.oldnest.ca>
wrote:

> What I hope to accomplish is on-demand activation of ssh port forwards.
> I gather that the OpenSSH server's -i flag is essentially what I'm
> looking for, in which something like inetd or systemd already has port
> 22 open and passes it to sshd at launch. As far as I understand things,
> the OpenSSH *client* has no similar capability, which is unsurprising
> given that it's not a server.  ;-)
>

It's not exactly what you ask for later, but it's the exact counterpart for
sshd -i: you can run ssh under inetd (or similar) in "netcat mode" (-W),
where it will pass data on stdin/out to a remote port forward.  You'd put
something like this in inetd.conf:

ssh -W destinationhost:port intermediatehost

and set it up with passwordless auth.  This will bring up the connection on
demand, but the caveat is that there will be one SSH connection per
forwarded TCP connection, not many multiplexed TCP connections within a
single SSH connection.  I've used this construction in the past for various
shenanigans such as routing low-volume mail and accessing backup servers
between networks without direct connections.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
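
The setup described in the message above, written out as an added example that is not part of the original post or of OpenSSH's documentation: a complete inetd entry for the `ssh -W` line, plus an authorized_keys restriction on intermediatehost so that the passphrase-less key can open only that one forward. The service name, port 10025, the fwduser account, the key path and the /bin/false path are assumptions; destinationhost:port and intermediatehost are the message's own placeholders.

```conf
# --- On the machine running inetd --------------------------------------

# /etc/services: constructed entry, name and port number are placeholders
sshfwd-example  10025/tcp

# /etc/inetd.conf: one ssh process is started per accepted TCP connection
# (nowait), with the connection on its stdin/stdout. argv[0] ("ssh") is
# repeated after the program path, as the inetd.conf format requires.
# BatchMode=yes makes ssh fail rather than prompt, since there is no
# terminal under inetd. IdentitiesOnly=yes offers only the dedicated key.
# -W already implies -N and -T, so no remote command or tty is requested.
sshfwd-example stream tcp nowait fwduser /usr/bin/ssh ssh -o BatchMode=yes -o IdentitiesOnly=yes -i /home/fwduser/.ssh/id_fwd -W destinationhost:port intermediatehost

# --- On intermediatehost ------------------------------------------------

# ~/.ssh/authorized_keys of the account ssh logs in to.
# The key has no passphrase, so limit what it can do if it is copied:
#   restrict         turns off pty, agent/X11 forwarding, port forwarding
#                    and user rc in one option
#   port-forwarding  turns forwarding back on for this key only
#   permitopen=      allows -W / -L style forwards to this one target only
#   command=         replaces any requested shell or command; -W never
#                    requests one, so the forward itself is unaffected
# "<public-key-blob>" stands for the real base64 key material.
restrict,port-forwarding,permitopen="destinationhost:port",command="/bin/false" ssh-ed25519 <public-key-blob> fwduser@inetd-host
```

The host key of intermediatehost has to be in fwduser's known_hosts before the first inetd-triggered connection, because BatchMode cannot answer the host key prompt.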


More information about the openssh-unix-dev mailing list