On Fri, 14 Jan 2022 at 03:17, Chris Mitchell <ssh-list@xxxxxxxxxxxxxxxx> wrote:
> What I hope to accomplish is on-demand activation of ssh port forwards.
> I gather that the OpenSSH server's -i flag is essentially what I'm
> looking for, in which something like inetd or systemd already has port
> 22 open and passes it to sshd at launch. As far as I understand things,
> the OpenSSH *client* has no similar capability, which is unsurprising
> given that it's not a server. ;-)
>

It's not exactly what you ask for later, but it's the exact counterpart
for sshd -i: you can run ssh under inetd (or similar) in "netcat mode"
(-W), where it will pass data on stdin/out to a remote port forward.
You'd put something like this in inetd.conf:

    ssh -W destinationhost:port intermediatehost

and set it up with passwordless auth.

This will bring up the connection on demand, but the caveat is that
there will be one SSH connection per forwarded TCP connection, not many
multiplexed TCP connections within a single SSH connection.

I've used this construction in the past for various shenanigans such as
routing low-volume mail and accessing backup servers between networks
without direct connections.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
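
The setup described in the reply above, written out as an added example; it is not part of the original message and not configuration shipped by OpenSSH. The account name fwd, ports 2525 and 25, the key path, the /bin/false path and the OpenBSD-style "address:port" inetd field are assumptions, and the public key is a placeholder.

```conf
# --- Local host: /etc/inetd.conf ---------------------------------------------
# Constructed values: loopback-only listener on port 2525, run as account "fwd".
# The "address:port" service field assumes an OpenBSD-style inetd; other inetd
# variants may need a name from /etc/services and a separate bind option.
# "nowait" starts one ssh process, and so one SSH connection, per TCP connection.
127.0.0.1:2525 stream tcp nowait fwd /usr/bin/ssh ssh -W destinationhost:25 intermediatehost

# --- Local host: ~fwd/.ssh/config --------------------------------------------
Host intermediatehost
    User fwd
    # There is no terminal under inetd: fail instead of prompting.
    BatchMode yes
    StrictHostKeyChecking yes
    # Offer only the dedicated forwarding key (hypothetical path).
    IdentityFile ~/.ssh/id_ed25519_fwd
    IdentitiesOnly yes
    # inetd normally hands the socket to ssh as stdin, stdout and stderr,
    # so keep client diagnostics out of the forwarded byte stream.
    LogLevel QUIET
    # Give up quickly if intermediatehost is unreachable.
    ConnectTimeout 10

# --- intermediatehost: ~fwd/.ssh/authorized_keys (one line) ------------------
# The private key has no passphrase, so limit what it can do on the server.
# "restrict" turns off PTY, agent, X11 and all forwarding; "port-forwarding"
# plus "permitopen" re-allow only the destination that -W requests.
# -W opens no session, so the forced command only blocks shell or command use.
restrict,port-forwarding,permitopen="destinationhost:25",command="/bin/false" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> fwd-inetd-forward
```

Anyone who can reach the inetd listener is forwarded with the key's privileges, which is why the listener is bound to loopback and the key is pinned to a single destination.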