Hi folks,

I'm wondering if it is possible to set up a dynamic port forward (i.e. SOCKS proxy), where the listening socket is actually on the server rather than the client, as is currently the case for -D?

A possible use case is providing a deeply firewalled box with an outbound SOCKS proxy, but only while an inbound ssh connection is active.

Or, in my particular case, I have many routers running OpenWRT, using sshtunnel to establish a persistent connection to my central server. I want to be able to reach systems behind the gateways. I currently have the sshtunnel configuration set up as follows, on the router:

    ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn@central

In this way, should I want to connect to a system behind the router, I can first establish a new SSH connection back to the router itself, from the central server:

    ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 1080 root@gateway-xxxx

and then use the SOCKS proxy on port 1080 to reach the remote devices.

This is workable, but somewhat clumsy, in my opinion. My ideal scenario would be something like the following, run on the router:

    ssh -o StreamLocalBindUnlink=yes -nN -RD /sshvpn/gateway-xxxx sshvpn@central

which would allow a process on the central server to establish a connection through the SOCKS server listening at /sshvpn/gateway-xxxx, with connections outbound from the router itself.

Obviously the "-DR" option is nonsense, and should be changed to a suitable single character option, I'm just not sure what is available right now! :-)

Thoughts?

Rogan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
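The two-step workaround described in the post, wrapped as a small helper for the central server (an added example, not code from the original message): each gateway gets a stable, distinct local SOCKS port so several routers can be reached at once, and the helper refuses to start unless the router's reverse-forwarded socket is actually present. The /sshvpn socket directory and the gateway-xxxx naming come from the post; the port range, the checksum-based port choice and the function names are assumptions.

```shell
#!/bin/sh
# Helper for the central server: open a SOCKS proxy that egresses from a
# given OpenWRT gateway, over that gateway's reverse-forwarded Unix socket.
# Assumes: sockets live under /sshvpn (per the post); ssh and socat installed.
SOCK_DIR=${SOCK_DIR:-/sshvpn}

# Derive a stable per-gateway local SOCKS port in 20000-29999 from the
# gateway name (assumed scheme), so concurrent proxies do not collide.
socks_port_for() {
    sum=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    echo $((20000 + sum % 10000))
}

# Print the ssh command from the post: reach the router through its Unix
# socket via socat, and expose a SOCKS listener bound to loopback only.
socks_cmd_for() {
    gw=$1
    port=$(socks_port_for "$gw")
    printf "ssh -o ProxyCommand='socat UNIX:%s/%s -' -nN -D 127.0.0.1:%s root@%s" \
        "$SOCK_DIR" "$gw" "$port" "$gw"
}

# True only while the router's persistent tunnel is up (socket exists).
gateway_is_up() {
    [ -S "$SOCK_DIR/$1" ]
}

# Start the proxy for one gateway, or fail loudly if its tunnel is down.
open_socks() {
    gw=$1
    gateway_is_up "$gw" || { echo "gateway $gw: no socket in $SOCK_DIR" >&2; return 1; }
    cmd=$(socks_cmd_for "$gw")
    echo "starting: $cmd" >&2
    eval "$cmd"
}
```

Note that OpenSSH 7.6 and later implement the listener-on-the-server mode the post asks for as reverse dynamic forwarding: `-R [bind_address:]port` with no destination makes the client act as a SOCKS 4/5 proxy for connections arriving at that port on the server.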