> > This is straightforward: If you use the arguments "-R 10000:device:22", > then any attempt to connect to port 10000 on the server will be > transported back to the client, from which it will be an outgoing TCP > connection to port 22 on "device". > Yup, that is exactly it. I just wish for the (third) device not to be able to open another port other than 10000 on the server. So if the (third) device tried to create a tunnel on "-R 10001:device:22" it would be politely denied. Cheers, Juanito _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev