On January 13, 2022 6:01 PM, Darren Tucker wrote:
> On Fri, 14 Jan 2022 at 03:17, Chris Mitchell <ssh-list@xxxxxxxxxxxxxxxx>
> wrote:
>
> > What I hope to accomplish is on-demand activation of ssh port forwards.
> > I gather that the OpenSSH server's -i flag is essentially what I'm
> > looking for, in which something like inetd or systemd already has port
> > 22 open and passes it to sshd at launch. As far as I understand
> > things, the OpenSSH *client* has no similar capability, which is
> > unsurprising given that it's not a server. ;-)
> >
>
> It's not exactly what you ask for later, but it's the exact counterpart for sshd -i: you
> can run ssh under inetd (or similar) in "netcat mode" (-W), where it will pass data
> on stdin/out to a remote port forward. You'd put something like this in inetd.conf:
>
> ssh -W destinationhost:port intermediatehost
>
> and set it up with passwordless auth. This will bring up the connection on demand,
> but the caveat is that there will be one SSH connection per forwarded TCP
> connection, not many multiplexed TCP connections within a single SSH
> connection. I've used this construction in the past for various shenanigans such as
> routing low-volume mail and accessing backup servers between networks without
> direct connections.

For multiplexed connections, would not local port forwarding be a better architecture? It does not pass off sockets but allows on-demand access.

--Randall
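
The on-demand `ssh -W` setup described in the quoted reply, written for systemd socket activation rather than inetd; this is an added example and not part of the thread. The unit names, the `tunnel` user, the key path, listening port 8025 and destination port 25 are assumptions chosen for illustration.

```ini
# /etc/systemd/system/ssh-w-forward.socket   (hypothetical unit name)
[Unit]
Description=On-demand listener that hands each connection to ssh -W

[Socket]
# Bind to loopback only: whoever can reach this port gets the forward,
# with no further authentication on the local side.
ListenStream=127.0.0.1:8025
# Same model as inetd "nowait": one service instance per accepted
# TCP connection, so one SSH connection per forwarded connection.
Accept=yes

[Install]
WantedBy=sockets.target

# /etc/systemd/system/ssh-w-forward@.service   (template paired with the socket)
[Unit]
Description=ssh -W forward for a single TCP connection

[Service]
# Dedicated unprivileged account (assumed name) that owns only this key.
User=tunnel
# The accepted socket becomes ssh's stdin/stdout, which -W relays.
StandardInput=socket
StandardOutput=socket
# Keep ssh diagnostics out of the forwarded byte stream.
StandardError=journal
# BatchMode=yes makes ssh fail instead of prompting, so the host key of
# intermediatehost must already be in the tunnel user's known_hosts.
ExecStart=/usr/bin/ssh -o BatchMode=yes -o IdentitiesOnly=yes -i /home/tunnel/.ssh/id_forward -W destinationhost:25 intermediatehost

# On intermediatehost, limit what the passwordless key can do with an
# authorized_keys entry of this form (<public-key> is a placeholder):
#   restrict,port-forwarding,permitopen="destinationhost:25" <public-key>
```

Enabling only the `.socket` unit is enough; systemd starts a service instance when a client connects to 127.0.0.1:8025 and the SSH connection ends when that client disconnects.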