We have our own internal set of utilities, we'll call it "myssh." We have one central server that receives ssh connections from client servers. Each client server is then associated with a port on that central server. myssh (just a wrapper around ssh) pulls back all of the ports in use to our local machine. Each port is then associated with a hostname. So we just use the utility in place of ssh and it maps the port.

So instead of "ssh -p 12345 localhost" it would be "myssh client.server.com"

One of the switches for "myssh" allows us to pull ports for a group of servers instead of all of them. If we use that switch and pull back a few hundred at a time, we're fine. It looks like it has a problem right around 2300 ports.

On Fri, Sep 26, 2014 at 9:11 PM, Todd Morgan <bamamorgans@xxxxxxxxx> wrote:

> We have our own internal set of utilities, we'll call it "myssh." We have
> one central server that receives ssh connections from client servers. Each
> client server is then associated with a port on that central server. myssh
> (just a wrapper around ssh) pulls back all of the ports in use to our
> local machine. Each port is then associated with a hostname. So we just use
> the utility in place of ssh and it maps the port.
>
> So instead of "ssh -p 12345 localhost" it would be "myssh
> client.server.com"
>
> One of the switches for "myssh" allows us to pull ports for a group of
> servers instead of all of them. If we use that switch and pull back a few
> hundred at a time, we're fine. It looks like it has a problem right around
> 2300 ports.
>
> On Fri, Sep 26, 2014 at 9:00 PM, Christian Hesse <mail@xxxxxxxx> wrote:
>
>> Todd Morgan <bamamorgans@xxxxxxxxx> on Fri, 2014/09/26 15:01:
>> > At my company we use port forwarding as an alternative to VPN. In previous
>> > releases of openssh (pre 6.0) we could run a script and fetch the thousands
>> > of forwards to our local machine to connect to remote machines. Since
>> > openssh 6.x, whenever we run the same script we get a buffer overflow error.
>>
>> Did not take a look at your issue, but (if I understand your needs
>> correctly) using sshuttle [0] may be an option.
>>
>> Buffer overflow should not occur, though...
>>
>> [0] https://github.com/apenwarr/sshuttle
>> --
>> Best regards
>> Chris
>> O< ascii ribbon campaign
>> stop html mail - www.asciiribbon.org

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev