I have an ugly patch for that feature that requires protocol modification.

> On 04.05.2016 at 23:32, Rogan Dawes <rogan@xxxxxxxxxxxx> wrote:
>
> Hi folks,
>
> I'm wondering if it is possible to set up a dynamic port forward (i.e.
> socks proxy), where the listening socket is actually on the server rather
> than the client as is currently the case for -D ?
>
> A possible use case is providing a deeply firewalled box with an outbound
> SOCKS proxy, but only while an inbound ssh connection is active.
>
> Or, in my particular case, I have many routers running OpenWRT, using
> sshtunnel to establish a persistent connection to my central server. I want
> to be able to reach systems behind the gateways.
>
> I currently have the sshtunnel configuration set up as follows:
>
> On the router:
>
> ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn@central
>
> In this way, should I want to connect to a system behind the router, I can
> first establish a new SSH connection back to the router itself, from the
> central server:
>
> ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 1080 root@gateway-xxxx
>
> and then use the socks proxy on port 1080 to reach the remote devices.
>
> This is workable, but somewhat clumsy, in my opinion.
>
> My ideal scenario would be something like the following, run on the router:
>
> ssh -o StreamLocalBindUnlink=yes -nN -RD /sshvpn/gateway-xxxx sshvpn@central
>
> which would allow a process on the central server to establish a connection
> through the socks server listening at /sshvpn/gateway-xxxx, with
> connections outbound from the router itself.
>
> Obviously the "-DR" option is nonsense, and should be changed to a suitable
> single character option, I'm just not sure what is available right now! :-)
>
> Thoughts?
>
> Rogan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev