Port forwarding feature suggestion: bind to port 0
Hi,
Sometimes it's desirable to bind a port forward to port 0: especially when
scripting port forwarding, and more especially so with the '-f -N' options.
The version of OpenSSH bundled with OSX (4.7p1) accepts '-L 0:192.168.1.1:22',
but only if run as root (I guess this was more an accident than a feature).
I saw that the current version (5.1p1) will decline such an option, saying
'Bad local forwarding specification'.
I think that's a shame and would like to suggest a feature that would
further ease port forwarding; namely, not only allow port 0 forwarding, but
also have ssh automagically get the chosen port number from the kernel with
getsockname and print it out.
It's debatable whether it's worthwhile to add a new option that will make
the printout easily machine parseable (say, '-P', and then the only output
would be the string representation of the socket, with no further text).
The exact same should be done with remote port forwarding.
I guess this would be a trivial change for anyone with any OpenSSH hacking,
but if the list would accept this feature and no one would like to jot it
while munching morning cereals or something, I'll be happy to code it and
submit a diff.
- Yaniv
A bit off topic, but I have to say this:
I'm an avid fan (and a humble recurring donator...) of OpenSSH for years
now, I think when combining all the metrics of good software, it's one of
the best on the planet. Thank you to all submitters wherever you are.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: Port forwarding feature suggestion: bind to port 0
On Sat, 2 Aug 2008, Yaniv Aknin wrote:
> Hi,
>
> Sometimes it's desirable to bind a port forward to port 0: especially
> when scripting port forwarding, and more especially so with the '-f
> -N' options.
>
> The version of OpenSSH bundled with OSX (4.7p1) accepts '-L
> 0:192.168.1.1:22', but only if run as root (I guess this was more an
> accident than a feature). I saw that the current version (5.1p1) will
> decline such an option, saying 'Bad local forwarding specification'.
>
> I think that's a shame and would like to suggest a feature that
> would further ease port forwarding; namely, not only allow port 0
> forwarding, but also have ssh automagically get the chosen port number
> from the kernel with getsockname and print it out.
If it worked before it was by accident. We do not properly implement
port-0 forwarding, as the peer is supposed to send back a message
indicating the port that was actually bound (see RFC 4254 section 7.1).
https://bugzilla.mindrot.org/show_bug.cgi?id=1003 had a patch to
implement it, but it contained some problems the last time I checked it.
Since then I have implemented some infrastructure (expected response
queues) that will make it much easier to implement.
I'm also not sure how the bound port will be reported back to the
client. It would be easy to logit(), but that doesn't make it
particularly accessible to scripts. If you have any ideas, add yourself
to the bug and mention them there.
I'll put it on the list for 5.2, but it is more likely to be 5.3 as
5.2 is looking more and more like a bugfix-only release.
> A bit off topic, but I have to say this: I'm an avid fan (and a humble
> recurring donator...) of OpenSSH for years now, I think when combining
> all the metrics of good software, it's one of the best on the planet.
> Thank you to all submitters wherever you are.
Thanks!
-d
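
An added illustration of the two mechanisms discussed in this thread, not code from OpenSSH or from either poster: the local case binds a loopback listener to port 0 and reads the kernel-assigned port back with getsockname, and the remote case parses the RFC 4254 section 7.1 success reply that carries the port the peer actually bound. The helper names are hypothetical, and the reply is assumed to be an already decrypted and unframed message payload.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Added example; helper names below are hypothetical, not OpenSSH's. */
#define SSH_MSG_REQUEST_SUCCESS 81 /* RFC 4254 message number */

/* Local (-L style) listener: bind loopback port 0, then ask the kernel which
 * port it picked. Returns the listening fd, or -1 on error. */
int listen_any_port(uint16_t *port_out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* not INADDR_ANY */
    sa.sin_port = htons(0);                      /* kernel chooses */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 16) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return fd;
}

/* Remote (-R style): parse the reply payload to a "tcpip-forward" request
 * that asked for port 0. Layout per RFC 4254 7.1: byte
 * SSH_MSG_REQUEST_SUCCESS, uint32 bound port. Returns 0 or -1 if malformed. */
int parse_forward_reply(const unsigned char *p, size_t n, uint16_t *port_out)
{
    uint32_t port;

    if (n != 5 || p[0] != SSH_MSG_REQUEST_SUCCESS)
        return -1;
    port = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[3] << 8) | (uint32_t)p[4];
    if (port == 0 || port > 65535) /* reject values that are not a TCP port */
        return -1;
    *port_out = (uint16_t)port;
    return 0;
}
```

A script-facing wrapper would print only the returned port number, which is the machine-parseable output the first message asks for.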