openssh-unix-dev October 2011 archive

Re: Determining the port assigned by -R 0

From: Glenn Maynard <glenn_at_nospam>
Date: Sun Oct 23 2011 - 14:05:38 GMT
To: openssh-unix-dev@mindrot.org

On Fri, Oct 14, 2011 at 7:13 PM, Damien Miller <djm@mindrot.org> wrote:

> It's easier if you use the multiplexing socket.
>
> ssh -O forward -R0:xxx:yyy host
>
> will print the allocated port to stdout on success.
>

I suppose that works, but it'd be better to do this server-side. That way,
the script run on the server doesn't have to trust the client to pass along
correct information. For example, if a client tries forwarding thousands of
ports, the script could reliably detect that and close the connection.
(This is a remote diagnostics script; the remote client is untrusted.)

By the way, it'd be helpful to be able to specify e.g. "PermitOpen none"; I
ended up arriving at the same hack that this guy used:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543683. It's minor, but
it'd be nice to be able to do this correctly.

--
Glenn Maynard
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev