port forwarding challenge?

When my X connection or agent connection gets forwarded, the "other end"
gets environment variables set up to point to an arbitrarily chosen
socket of some kind that programs on the other end can talk to.

When I want to forward some other kind of connection, I have to provide
an explicit port number for the other end to listen on. This effectively
means I have to coordinate with all other users of the target system
to make sure we aren't trying to allocate the same port numbers.

It would be nice to avoid this problem and have some way to get the
sshd to choose the port numbers for me and just tell me about them.

One solution I can imagine for this is a new kind of port forwarding
syntax: instead of giving it a port number to listen at on the other
end, I give it an environment variable name, the other end then lets
the OS pick a port number and it just sticks that port number in the
environment variable. (Just an example I invented to demonstrate my
quandary, not a specific enhancement request :-).

Is there some way to achieve this now via openssh and I am merely too
dense to understand? Or is this really impossible and I'm stuck with
needing to know port numbers ahead of time?

Thanks for any enlightenment you can provide.

Re: port forwarding challenge?

The SSH protocol allows that.

Now that's harder.  The ssh client can't influence the environment of its
parent process (i.e. the shell).  You could output the port number on stdout
or something.

Now, no.  There's an enhancement request for this over here:

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Re: port forwarding challenge?

Tom Horsley wrote:

I'm not sure I understand the problem. Are you saying several people
want to set up a secure channel to the same remote port # on the same
server? If so you can do that by forwarding a local port from each of
their workstations. Let's say for example 10 people want to forward
Oracle Network traffic over a secure connection to a server named
dbserver. They each just run...

ssh -NL 1521:localhost:1521 username@dbserver

Re: port forwarding challenge?

Chuck wrote:

Nope, I'm saying several people want to start up their own unique servers
just for them, not on some well known privileged port number. One way
to do it is for their server to get a random port from the kernel and
print it out so you know what port number to connect to, but it is now
too late to forward that port.

I'm currently working on turning my brain inside-out to solve the
problem from a totally different direction :-).
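
Added example (not part of the original thread and not OpenSSH code): the approach mentioned in the posts above, where each private server asks the kernel for a free port and reports it on stdout, sketched in Python. The variable name MYSRV_PORT and the user names are assumptions made up for the illustration.

```python
import socket
import threading


def open_private_listener(host="127.0.0.1"):
    """Bind to port 0 so the kernel picks a free port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Loopback only: reachable from this host (or through a tunnel), not the LAN.
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def announce(var_name, port):
    """Format the chosen port as a NAME=value line a caller can parse."""
    return f"{var_name}={port}"


def serve_once(srv, reply):
    """Accept a single connection, send a reply, then close the listener."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(reply)
    srv.close()


def demo():
    """Two users start servers without agreeing on port numbers beforehand."""
    # Both listeners are open at the same time, so the kernel must hand out
    # two different ports. User names are constructed sample values.
    listeners = {u: open_private_listener() for u in ("alice", "bob")}
    results = {}
    for user, (srv, port) in listeners.items():
        line = announce("MYSRV_PORT", port)  # hypothetical variable name
        t = threading.Thread(target=serve_once, args=(srv, user.encode()))
        t.start()
        # The client learns the port only from the announced line.
        learned = int(line.split("=", 1)[1])
        with socket.create_connection(("127.0.0.1", learned), timeout=5) as c:
            results[user] = (learned, c.recv(64))
        t.join()
    return results


if __name__ == "__main__":
    for user, (port, data) in demo().items():
        print(user, port, data.decode())
```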
