Port forwarding feature suggestion: bind to port 0 - openssh

  1. Port forwarding feature suggestion: bind to port 0

    Hi,

    Sometimes it's desirable to bind a port forward to port 0: especially when
    scripting port forwarding, and more especially so with the '-f -N' options.

    The version of OpenSSH bundled with OSX (4.7p1) accepts '-L 0:192.168.1.1:22',
    but only if run as root (I guess this was more an accident than a feature).
    I saw that the current version (5.1p1) will decline such an option, saying
    'Bad local forwarding specification'.

    I think that's a shame and would like to suggest a feature that would
    further ease port forwarding; namely, not only allow port 0 forwarding, but
    also have ssh automagically get the chosen port number from the kernel with
    getsockname and print it out.

    It's debatable whether it's worthwhile to add a new option that will make
    the printout easily machine parseable (say, '-P', and then the only output
    would be the string representation of the socket, with no further text).

    The exact same should be done with remote port forwarding.

    I guess this would be a trivial change for anyone with any OpenSSH hacking,
    but if the list would accept this feature and no one would like to jot it
    while munching morning cereals or something, I'll be happy to code it and
    submit a diff.

    - Yaniv

    A bit off topic, but I have to say this:
    I'm an avid fan (and a humble recurring donator...) of OpenSSH for years
    now, I think when combining all the metrics of good software, it's one of
    the best on the planet. Thank you to all submitters wherever you are.
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: Port forwarding feature suggestion: bind to port 0



    On Sat, 2 Aug 2008, Yaniv Aknin wrote:

    > Hi,
    >
    > Sometimes it's desirable to bind a port forward to port 0: especially
    > when scripting port forwarding, and more especially so with the '-f
    > -N' options.
    >
    > The version of OpenSSH bundled with OSX (4.7p1) accepts '-L
    > 0:192.168.1.1:22', but only if run as root (I guess this was more an
    > accident than a feature). I saw that the current version (5.1p1) will
    > decline such an option, saying 'Bad local forwarding specification'.
    >
    > I think that's a shame and would like to suggest a feature that
    > would further ease port forwarding; namely, not only allow port 0
    > forwarding, but also have ssh automagically get the chosen port number
    > from the kernel with getsockname and print it out.


    If it worked before it was by accident. We do not properly implement
    port-0 forwarding, as the peer is supposed to send back a message
    indicating the port that was actually bound (see RFC 4254 section 7.1).

    https://bugzilla.mindrot.org/show_bug.cgi?id=1003 had a patch to
    implement it, but it contained some problems the last time I checked it.
    Since then I have implemented some infrastructure (expected response
    queues) that will make it much easier to implement.

    I'm also not sure how the bound port will be reported back to the
    client. It would be easy to logit(), but that doesn't make it
    particularly accessible to scripts. If you have any ideas, add yourself
    to the bug and mention them there.

    I'll put it on the list for 5.2, but it will more likely be 5.3 as
    5.2 is looking more and more like a bugfix-only release.

    > A bit off topic, but I have to say this: I'm an avid fan (and a humble
    > recurring donator...) of OpenSSH for years now, I think when combining
    > all the metrics of good software, it's one of the best on the planet.
    > Thank you to all submitters wherever you are.


    Thanks!

    -d
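
The two mechanisms discussed in this thread, as an added example that is not OpenSSH code and not from either poster: a listener bound to port 0 learns its kernel-chosen port with getsockname, and the reply that RFC 4254 section 7.1 describes carries that port back as a uint32 after the SSH_MSG_REQUEST_SUCCESS byte. The function names are hypothetical, and only the reply payload is modelled, not SSH packet framing or encryption.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define SSH_MSG_REQUEST_SUCCESS 81  /* message number from RFC 4254 */

/* Bind a loopback listener to port 0 and report the port the kernel chose
 * (host byte order) via getsockname(). Returns the fd, or -1 on error. */
int bind_ephemeral(uint16_t *port) {
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(0);                 /* 0 = kernel picks a free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Forwarding side: reply payload is byte 81, then the bound port as uint32. */
size_t encode_success(uint16_t port, unsigned char out[5]) {
    uint32_t be = htonl((uint32_t)port);    /* SSH integers are big-endian */
    out[0] = SSH_MSG_REQUEST_SUCCESS;
    memcpy(out + 1, &be, sizeof(be));
    return 5;
}

/* Requesting side: return the bound port, or -1 if the reply is malformed
 * or the port is outside 1..65535 (never trust the peer's value blindly). */
long parse_success(const unsigned char *msg, size_t len) {
    if (len != 5 || msg[0] != SSH_MSG_REQUEST_SUCCESS) return -1;
    uint32_t p = ((uint32_t)msg[1] << 24) | (msg[2] << 16) | (msg[3] << 8) | msg[4];
    return (p == 0 || p > 65535) ? -1 : (long)p;
}

int main(void) {
    unsigned char msg[5];
    uint16_t port;
    int fd = bind_ephemeral(&port);
    if (fd < 0) return 1;
    printf("%ld\n", parse_success(msg, encode_success(port, msg)));
    close(fd);
    return 0;
}
```

Printing only the port number on stdout, as main does here, is one way to make the result usable from scripts, which is the open question raised in the reply.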

