Dynamic Remote Port forward?

Hi folks,

I'm wondering if it is possible to set up a dynamic port forward (i.e.
socks proxy), where the listening socket is actually on the server rather
than the client as is currently the case for -D ?

A possible use case is providing a deeply firewalled box with an outbound
SOCKS proxy, but only while an inbound ssh connection is active.

Or, in my particular case, I have many routers running OpenWRT, using
sshtunnel to establish a persistent connection to my central server. I want
to be able to reach systems behind the gateways.

I currently have the sshtunnel configuration set up as follows:

On the router:

ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn@central

In this way, should I want to connect to a system behind the router, I can
first establish a new SSH connection back to the router itself, from the
central server:

ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 1080 root@gateway-xxxx

and then use the socks proxy on port 1080 to reach the remote devices.

This is workable, but somewhat clumsy, in my opinion.

My ideal scenario would be something like the following, run on the router:

ssh -o StreamLocalBindUnlink=yes -nN -RD /sshvpn/gateway-xxxx sshvpn@central

which would allow a process on the central server to establish a connection
through the socks server listening at /sshvpn/gateway-xxxx, with
connections outbound from the router itself.

Obviously the "-RD" option is nonsense, and should be changed to a suitable
single character option, I'm just not sure what is available right now! :-)

Thoughts?

Rogan
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
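Added example, not part of the post above and not OpenSSH code. Until something like the requested -RD exists, the "SOCKS listener on the server, connections outbound from the router" shape can be had with what ssh already supports: run a small SOCKS5 server on the router bound to a local Unix socket, and export that socket with the remote_socket:local_socket form of -R, e.g. ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:/run/socks.sock sshvpn@central. A process on central then speaks SOCKS to /sshvpn/gateway-xxxx and every CONNECT is opened from the router. The code below is such a server (CONNECT only, no authentication) plus a client side and a self-test that uses a loopback echo server in place of a device behind the gateway; the socket paths and the /run/socks.sock name are assumptions.

```python
# Added example, not OpenSSH code: a minimal SOCKS5 CONNECT proxy listening on a Unix socket.
# Run on the router and exported with "ssh -R /sshvpn/gateway-xxxx:/run/socks.sock" (paths assumed).
import contextlib, os, socket, struct, tempfile, threading

def _recv_exact(sock, n):
    """Read exactly n bytes; SOCKS5 fields are fixed-length, so a short read is an error."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-handshake")
        buf += chunk
    return buf

def _pipe(src, dst):
    """Copy one direction until EOF, then half-close dst so the far end sees EOF too."""
    with contextlib.suppress(OSError):
        while data := src.recv(65536):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle_client(client):
    """One SOCKS5 session (RFC 1928): no-auth greeting, CONNECT request, two-way relay."""
    with client:
        ver, nmethods = _recv_exact(client, 2)
        if ver != 5 or 0 not in _recv_exact(client, nmethods):
            client.sendall(b"\x05\xff"); return               # no acceptable auth method
        client.sendall(b"\x05\x00")                           # method 0: no authentication
        _ver, cmd, _rsv, atyp = _recv_exact(client, 4)
        if atyp == 1:                                          # IPv4 literal
            host = socket.inet_ntoa(_recv_exact(client, 4))
        elif atyp == 3:                                        # domain name, resolved on the router
            host = _recv_exact(client, _recv_exact(client, 1)[0]).decode("idna")
        else:                                                  # IPv6 left out for brevity
            client.sendall(b"\x05\x08\x00\x01" + bytes(6)); return   # address type not supported
        port = struct.unpack("!H", _recv_exact(client, 2))[0]
        if cmd != 1:                                           # BIND / UDP ASSOCIATE unsupported
            client.sendall(b"\x05\x07\x00\x01" + bytes(6)); return   # command not supported
        try:
            upstream = socket.create_connection((host, port), timeout=10)
        except OSError:
            client.sendall(b"\x05\x05\x00\x01" + bytes(6)); return   # connection refused
        with upstream:
            upstream.settimeout(None)                          # the timeout was for connect only
            client.sendall(b"\x05\x00\x00\x01" + bytes(6))    # success; BND.ADDR/PORT unused
            back = threading.Thread(target=_pipe, args=(upstream, client), daemon=True)
            back.start()
            _pipe(client, upstream)
            back.join()

def serve_unix(path):
    """Listen for SOCKS5 clients on a Unix socket; accepting runs in a daemon thread."""
    if os.path.exists(path): os.unlink(path)                  # clear a stale socket file
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(path)
    os.chmod(path, 0o600)          # no SOCKS auth: socket permissions are the only gate
    listener.listen(16)
    def accept_loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:        # listener was closed
                return
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener

def socks_connect(path, host, port):
    """Client side, as a tool on the central server would do it: CONNECT via the socket."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    s.sendall(b"\x05\x01\x00")                                # offer only "no auth"
    if _recv_exact(s, 2) != b"\x05\x00":
        s.close(); raise ConnectionError("proxy rejected the no-auth method")
    s.sendall(b"\x05\x01\x00\x03" + bytes([len(host)]) + host.encode("idna")
              + struct.pack("!H", port))                      # CONNECT, ATYP=domain
    code = _recv_exact(s, 10)[1]                              # reply is 10 bytes for ATYP=IPv4
    if code != 0:
        s.close(); raise ConnectionError(f"SOCKS CONNECT failed, reply code {code}")
    return s

def demo_roundtrip(payload=b"hello via the gateway"):
    """Constructed self-test: a loopback echo server stands in for a device behind the router."""
    echo = socket.socket(); echo.bind(("127.0.0.1", 0)); echo.listen(1)
    def echo_once():
        conn, _ = echo.accept()
        with conn: conn.sendall(_recv_exact(conn, len(payload)))
    threading.Thread(target=echo_once, daemon=True).start()
    path = os.path.join(tempfile.mkdtemp(), "gateway.sock")   # stands in for /sshvpn/gateway-xxxx
    listener = serve_unix(path)
    try:
        with socks_connect(path, "127.0.0.1", echo.getsockname()[1]) as s:
            s.sendall(payload)
            return _recv_exact(s, len(payload))
    finally:
        listener.close(); echo.close(); os.unlink(path)
```

The proxy does no authentication of its own, so access control is entirely the Unix socket's mode: 0600 on the router side here, and on the central server whatever StreamLocalBindMask sshd applies to the forwarded socket (0177 by default, i.e. owner-only) plus the ownership of the /sshvpn directory. Whoever can open /sshvpn/gateway-xxxx can open connections from the router, so treat that socket as you would a credential.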
