Patch: open port forwards from slave - openssh


  1. Patch: open port forwards from slave

    We run ssh from a program and needed to add port-forwards dynamically.
    The ~C method turns out to be very cumbersome to use since it reads from
    /dev/tty. But then I came to think of the master/slave functionality
    (which we already used) which seemed a perfect place for this
    functionality. Unfortunately it turned out not to be possible to set up
    new port forwards in a slave.

    So I patched openssh to make it possible to add port forwards via a
    slave process. This is done by creating a new command which can be sent
    over the control connection (SSHMUX_COMMAND_FORWARD). The patch against
    openssh current can be downloaded (13K) from:

    http://www.appgate.com/downloads/maf...-current.patch

    I would be happy if other people found it useful and if it could make it
    into the official distribution.

    /MaF
    --
    Martin Forssen Development Manager
    Phone: +46 31 7744361 AppGate Network Security AB
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev

  2. Re: Patch: open port forwards from slave

    On Oct 30, 5:57 am, m...@appgate.com wrote:

    > So I patched openssh to make it possible to add port forwards via a
    > slave process.


    Hi Martin,

    Thank you very much -- I've recently been meaning to write something
    like this myself (but then my firstborn arrived!)

    I was also wondering about making it "fully transparent", i.e., when
    the slave exits it would send a message to the master to remove the
    forwarding -- that is to say, the behaviour a user sees is the same
    whether they're using master/slave or not. For this, "ssh -NL ..."
    would not exit straight away as per your patch, but block as per non-
    master/slave behaviour (although it wouldn't actually be fully
    transparent, because if the slave were SIGKILLed the forwarding would
    remain. Also it would maybe be kind of weird if a slave "ssh -fNL"
    left a blocking process).

    I would also find it useful to have a behaviour like your patch in
    which the slave adding the forwarding returns immediately, but I
    wonder if this might best be served using "-O" control messages as per
    Torsten's original patch, with commands for removing and listing
    forwardings too.

    Finally, I was thinking it might be nice if commands passed using "-O"
    and commands typed at the ~C "ssh>" prompt were the same commands.

    Does anyone have any opinion on interface best practice in this
    respect? Damien, did you have any thoughts on removing forwardings in
    your planned approach?

    Best wishes,
    Hamish


