Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)

On 2019-10-15 20:45, hvjunk wrote:
> 
> The more I read this, and your other responses, the more I have the funny feeling you are looking for the -L & -R options, perhaps the -J option and should consider the -D & -w & -W options too.
> 
The -L, -N, -oStrictHostKeyChecking=no, and -oProxyCommand= options
to ssh(1), and the -i option to sshd(8), do indeed do what I need.
As I said, however, the interface is rather clumsy: I don’t need
host keys at all (since the connection is already authenticated),
and the encryption is needless overhead when the connection is over
Xen shared memory.  My ultimate solution did, in fact, use OpenSSH
as it exists today.  I just think that it can be improved :).
> 
>> Another alternative would be additional options, like
>> `-oIPromiseMyConnectionIsTrustedDisableAuthenticationAndEncryption=yes`,
>> to ssh(1) and sshd(8).
>>
>> How difficult would it be to incorporate such a tool into OpenSSH?
>> If this is not something the OpenSSH developers are interested in, I
>> could try to write one myself, but that would likely be significantly
>> more effort and duplicate capabilities already found in the OpenSSH
>> codebase.  I also won’t have time for quite a while.
>>
>> Disclaimer: I have almost no knowledge of the SSH protocol, and
>> have not looked at the OpenSSH source code.  I am merely a (very)
>> happy user.
> 
> Perhaps re-read the ssh(1) manual pages… I found the -w & -W options as I was preparing for a VPN talk the past month ;) (And I’ve been using SSH since 1993)
> 
> Else, you might consider VTUN for a stream forwarding option too (and not just a tap/tun connection)
> 
I just installed vtun, and it can indeed forward streams.  However,
it seems to also require one connection per stream.  If it had all
the forwarding abilities that OpenSSH has, and its client was equally
secure against malicious servers, it would be an ideal solution.

Sincerely,

Demi

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
