On Fri, 14 Jan 2022 at 03:17, Chris Mitchell <ssh-list@xxxxxxxxxxxxxxxx>
wrote:
> What I hope to accomplish is on-demand activation of ssh port forwards.
> I gather that the OpenSSH server's -i flag is essentially what I'm
> looking for, in which something like inetd or systemd already has port
> 22 open and passes it to sshd at launch. As far as I understand things,
> the OpenSSH *client* has no similar capability, which is unsurprising
> given that it's not a server. ;-)
>
It's not exactly what you ask for later, but it's the exact counterpart for
sshd -i: you can run ssh under inetd (or similar) in "netcat mode" (-W),
where it will pass data on stdin/out to a remote port forward. You'd put
something like this in inetd.conf:
ssh -W destinationhost:port intermediatehost
and set it up with passwordless auth. This will bring up the connection on
demand, but the caveat is that there will be one SSH connection per
forwarded TCP connection, not many multiplexed TCP connections within a
single SSH connection. I've used this construction in the past for various
shenanigans such as routing low-volume mail and accessing backup servers
between networks without direct connections.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
