I have found myself using OpenSSH for its forwarding abilities,
without actually using the remote shell feature.  In these cases, the
connection itself is over Xen shared memory, so I have no need for any
of the cryptography.

While allowing unencrypted SSH connections is obviously a bad
idea, I would be very interested in adding support for using SSH
as a pure forwarder, to allow forwarding sockets and X11 over an
already-established, secure channel.  While this is probably possible
with libssh, libssh2, or other libraries, OpenSSH’s excellent
security track-record makes it preferred here.

I suggest that ssh(1) and sshd(8) act as the client and server of
this protocol if invoked as forward-client(1) and forward-server(1),
respectively.  The protocol would be spoken over stdin/stdout.

Would there be any interest in this from the OpenSSH maintainers?
I have limited time, but would be willing to test patches.

Sincerely,

Demi
