stdio to port forward?
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Mon May 24 18:31:17 EST 2004
Darren Tucker wrote:
> Dan Kaminsky wrote:
>> I'm attempting to implement something I've wanted for a while...a
>> stdio link to a TCP port forward, at least for SSH2, but preferably
>> for either protocol. There's certainly no technical reason this can't
>> be done, but the vagaries of terminal / file descriptor handling are
>> posing something of a challenge.
>>
>> Does anyone have any suggestions for "correct" approaches for this?
>
> Well, the "fast" option is to use connect/netcat:
>
> ssh -o 'Proxycommand ssh bastion connect yourhost 22" yourhost
>
> The disadvantage is you need connect or netcat on the bastion host. (I
> also had problems with netcat not exitting but apparently recent
> versions don't do that).
It also fails, on its own, to allow port forwarding without giving the user a
shell, which I understood to be one of the basic goals.
The fast option is to use SSL with client certificates. stunnel is handy for this.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
More information about the openssh-unix-dev
mailing list