"on-the-fly" SSH Port Forwarding - openssh


  1. "on-the-fly" SSH Port Forwarding

    Hi,

    I am using the following version of OpenSSH for reference:

    root@proxy:/root# ssh -V
    OpenSSH_4.8, OpenSSL 0.9.7j 04 May 2006

    root@proxy:/root# uname -a
    OpenBSD proxy.localdomain 4.3 GENERIC#698 i386

    I am developing an application which uses on-the-fly SSH port forwarding
    by using the "~C" escape sequence to add local port forwards when needed
    (through Expect). It would appear that there is no option to remove
    local port forwards and only remote port forwards:

    ssh> -h
    Commands:
    -L[bind_address:]port:host:hostport Request local forward
    -R[bind_address:]port:host:hostport Request remote forward
    -KR[bind_address:]port Cancel remote forward

    I am hitting scalability issues as I am not able to cancel local
    forwards and after about 251 tunnels I am unable to add any more. (I am
    assuming this is platform/machine dependent as it complains about "No
    buffer space").

    How come there isn't an option to remove local forwards when there is to
    remove remote ones? Is this by design or something that was never
    implemented?

    Thanks in advance,
    Chris
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: "on-the-fly" SSH Port Forwarding

    On Sun, 7 Sep 2008, Chris Mason wrote:

    > Hi,
    >
    > I am using the following version of OpenSSH for reference:
    >
    > root@proxy:/root# ssh -V
    > OpenSSH_4.8, OpenSSL 0.9.7j 04 May 2006
    >
    > root@proxy:/root# uname -a
    > OpenBSD proxy.localdomain 4.3 GENERIC#698 i386
    >
    > I am developing an application which uses on-the-fly SSH port forwarding
    > by using the "~C" escape sequence to add local port forwards when needed
    > (through Expect). It would appear that there is no option to remove
    > local port forwards and only remote port forwards:
    >
    > ssh> -h
    > Commands:
    > -L[bind_address:]port:host:hostport Request local forward
    > -R[bind_address:]port:host:hostport Request remote forward
    > -KR[bind_address:]port Cancel remote forward
    >
    > I am hitting scalability issues as I am not able to cancel local
    > forwards and after about 251 tunnels I am unable to add any more. (I am
    > assuming this is platform/machine dependent as it complains about "No
    > buffer space").


    Could you please send a debug trace of this happening? ("ssh -vvv")
    There is IIRC a fixed limit to the number of forwards that you can
    establish, but it should give at least a more friendly error message.

    > How come there isn't an option to remove local forwards when there is to
    > remove remote ones? Is this by design or something that was never
    > implemented?


    It was never implemented, but probably would be quite easy to do.

    Another option, which would probably be way better for your application
    is to use the dynamic/SOCKS port forwarding and possibly a small helper
    application.

    Still another option is to implement addition/removal of port-forwards
    via the control multiplexing socket. This has been on my TODO list for
    quite a while.

    -d
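The reply's suggestion of dynamic/SOCKS forwarding with a small helper, sketched as an added example (not code from the thread or from OpenSSH): one `ssh -D` listener is started once, and the helper names the destination per connection with a SOCKS5 CONNECT request, so no per-destination `-L` forwards accumulate. The listener address 127.0.0.1:1080 and all function names are assumptions.

```python
# Added example: SOCKS5 CONNECT helper for one `ssh -D` dynamic forward.
# Assumed (not from the thread): listener at 127.0.0.1:1080, all names below.
import ipaddress
import socket
import struct

REPLY_ERRORS = {1: "general failure", 2: "not allowed by ruleset",
                3: "network unreachable", 4: "host unreachable",
                5: "connection refused", 6: "TTL expired",
                7: "command not supported", 8: "address type not supported"}

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed connection during handshake")
        buf += chunk
    return buf

def build_connect_request(host, port):
    """Encode a SOCKS5 CONNECT (RFC 1928); hostnames are resolved by the proxy."""
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname length out of range for SOCKS5")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def socks5_connect(sock, host, port):
    """Run the no-auth SOCKS5 handshake on an already connected socket."""
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0 or atyp not in (1, 3, 4):
        raise ConnectionError("SOCKS5 connect failed: %s" % REPLY_ERRORS.get(rep, rep))
    # Drain the bound address and port so the next read is application data.
    alen = recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
    recv_exact(sock, alen + 2)
    return sock

def open_tunnel(host, port, proxy=("127.0.0.1", 1080)):
    """One TCP connection to the ssh -D listener per destination."""
    return socks5_connect(socket.create_connection(proxy), host, port)
```

Each tunnel is then an ordinary socket that goes away when closed, so nothing has to be cancelled through the `~C` command line.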

