Re: Port Forward Limit?


 



We have our own internal set of utilities, we'll call it "myssh." We have
one central server that receives ssh connections from client servers. Each
client server is then associated with a port on that central server. myssh
(just a wrapper around ssh) pulls back all of the ports in use to our
local machine. Each port is then associated with a hostname. So we just use
the utility in place of ssh and it maps the port.


So instead of "ssh -p 12345 localhost" it would be "myssh client.server.com"

One of the switches for "myssh" allows us to pull ports for a group of
servers instead of all of them. If we use that switch and pull back a few
hundred at a time, we're fine. It looks like it has a problem right around
2300 ports.

On Fri, Sep 26, 2014 at 9:11 PM, Todd Morgan <bamamorgans@xxxxxxxxx> wrote:

> We have our own internal set of utilities, we'll call it "myssh." We have
> one central server that receives ssh connections from client servers. Each
> client server is then associated with a port on that central server. myssh
> (just a wrapper around ssh) pulls back all of the ports in use to our
> local machine. Each port is then associated with a hostname. So we just use
> the utility in place of ssh and it maps the port.
>
>
> So instead of "ssh -p 12345 localhost" it would be "myssh
> client.server.com"
>
> One of the switches for "myssh" allows us to pull ports for a group of
> servers instead of all of them. If we use that switch and pull back a few
> hundred at a time, we're fine. It looks like it has a problem right around
> 2300 ports.
>
> On Fri, Sep 26, 2014 at 9:00 PM, Christian Hesse <mail@xxxxxxxx> wrote:
>
>> Todd Morgan <bamamorgans@xxxxxxxxx> on Fri, 2014/09/26 15:01:
>> > At my company we use port forwarding as an alternative to VPN. In previous
>> > releases of openssh (pre 6.0) we could run a script and fetch the thousands
>> > of forwards to our local machine to connect to remote machines. Since
>> > openssh 6.x, whenever we run the same script we get a buffer overflow error.
>>
>> Did not take a look at your issue, but (if I understand your needs
>> correctly) using sshuttle [0] may be an option.
>>
>> Buffer overflow should not occur, though...
>>
>> [0] https://github.com/apenwarr/sshuttle
>> --
>> Schoene Gruesse
>> Chris
>>                          O< ascii ribbon campaign
>>                    stop html mail - www.asciiribbon.org
>>
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



