Re: Dynamic Remote Port forward?

I have an ugly patch for that feature that requires protocol modification. 

> On 04.05.2016 at 23:32, Rogan Dawes <rogan@xxxxxxxxxxxx> wrote:
> 
> Hi folks,
> 
> I'm wondering if it is possible to set up a dynamic port forward (i.e.
> socks proxy), where the listening socket is actually on the server rather
> than the client as is currently the case for -D ?
> 
> A possible use case is providing a deeply firewalled box with an outbound
> SOCKS proxy, but only while an inbound ssh connection is active.
> 
> Or, in my particular case, I have many routers running OpenWRT, using
> sshtunnel to establish a persistent connection to my central server. I want
> to be able to reach systems behind the gateways.
> 
> I currently have the sshtunnel configuration set up as follows:
> 
> On the router:
> 
> ssh -o StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn@central
> 
> In this way, should I want to connect to a system behind the router, I can
> first establish a new SSH connection back to the router itself, from the
> central server:
> 
> ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 1080 root@gateway-xxxx
> 
> and then use the socks proxy on port 1080 to reach the remote devices.
> 
> This is workable, but somewhat clumsy, in my opinion.
> 
> My ideal scenario would be something like the following, run on the router:
> 
> ssh -o StreamLocalBindUnlink=yes -nN -RD /sshvpn/gateway-xxxx sshvpn@central
> 
> which would allow a process on the central server to establish a connection
> through the socks server listening at /sshvpn/gateway-xxxx, with
> connections outbound from the router itself.
> 
> Obviously the "-DR" option is nonsense, and should be changed to a suitable
> single character option, I'm just not sure what is available right now! :-)
> 
> Thoughts?
> 
> Rogan
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev