On Tuesday, September 13, 2005 05:06:40 PM -0400 Sam Hartman <hartmans-ietf@xxxxxxx> wrote:
"Juergen" == Juergen Schoenwaelder <j.schoenwaelder@xxxxxxxxxxxx> writes:Juergen> Sam, Juergen> this is not about blocking port 22 as far as I understand Juergen> things. I think the issue here is that TCP connection Juergen> establishment determines ssh client/server roles. If Juergen> there would be a way to initiate the connection but Juergen> subsequently taking over the server role, protocols like Juergen> netconf and presumably isms would find it much easier to Juergen> provide CH functionality. Right. But for the ssh-connect application I don't think you would want that unless you were trying to get around firewall policy.
I don't think that's necessarily the case. Sure, you might be trying to do that, but you also might be trying to get around the fact that the machines at your house are behind a NAT and thus lack routable addresses.
I suspect that the ssh community would decline to extend ssh in this direction; I certainly know I would not support it.
I'm not entirely sure _how_ I'd extend SSH in this direction, or how much utility it would have. I don't think I would object to it, especially since I suspect it might make some of the ISMS cases easier even if you don't care about the firewall problem.
-- Jeff _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf