OK you will likely be able to tell I am a newb when it comes to mailing lists,
so please forgive me if I have sent this to the wrong place or have used the
wrong format. While I do not know how likely it is that a dev will read this, maybe
someone closer can pass this along.
I have been using ssh for a while and recently discovered how ssh is so much
more. I have appreciated how programs like scp, sftp and rsync use ssh for
authentication and security and then I have played a little with ssh-fs.
However, now I have discovered things like local and reverse forwarding,
dynamic socks forwarding, tunneling, etc. and all I can say is WOW! So all I can
say is thanks to the devs and all of you that have helped make ssh all that it
is. It's feature rich, stable and secure. I do have a couple of suggestions and
some questions.
Suggestions
1) Add an option for Reverse dynamic forwards.
2) Add more options for the GatewayPorts settings in the sshd_config file.
Currently, no, clientspecified and yes are the only options. I think there
should be a yes option that allows the client to specify localhost only. This
would allow the client to force localhost only even when the GatewayPorts
setting is set to a version of yes that would normally allow all addresses.
2a) Maybe this should be 2 options to cover the case where the client requests multiple
bind addresses and the GatewayPorts option is one of these new versions of
yes. One would only open localhost if the client specified just localhost or
localhost + multiple other bind addresses. The other would open up only
localhost if the client specified only localhost, but open all addresses if the
client specified localhost + multiple other bind addresses. If the client did
not specify localhost, all addresses would be open with either option.
2b) I would like to see a 2nd clientspecified option. One that only opens all
addresses if the client specifically requests it. I am not sure if the ssh
client currently specifies all or 0.0.0.0 if I do not specify a bind address or
if it just leaves that field blank. If it's blank, this is easy, if the new
clientspecified option is set and the bind address field is empty, it only
opens the forward on localhost. If the bind address field cannot be blank, I am
not sure what can be done to maintain compatibility unless the ssh client is
already using a bind address term not used by end users, meaning not all or
0.0.0.0.
2c) It would also be nice if in the GatewayPorts, I could set specific bind
addresses.
2d) There should be an equivalent of these options for the client side to
ignore or cancel the forward if the bind addresses are not what it wants. e.g. the
client could specify all addresses and if the server forces this to localhost, the
end user could set an option to cancel the forward in that case. If the end
user sets multiple binds, he/she could specify absolutes, so that if all the
ones marked absolute are not allowed, the forward is canceled. Also, the client
should be able to set an "if more than these addresses are allowed" option so
that if more than the requested addresses are allowed, the forward is canceled.
Both options should be able to be used at the same time and the latter should
only have to be used on one of the forward options for it to apply to all of
them.
3) Maybe this already exists, so maybe this is not a request. I would like an easy
to use command that lets us see all the forwards and tunnels on a computer. I
should be able to limit it to one or multiple types: local, remote, dynamic,
remote dynamic (if my request is added), tunnels initiated locally and tunnels
initiated remotely. There should be options for all forwards only, all tunnels only,
everything, and if you could use the inclusive options and exclude ones you do
not want in the list. It would be great if I could set a specific log just for
this, so that every time this changes it updates that log with the change or
all the connections with the changes highlighted, e.g. "added" in front of each
that was added and "removed" for those that were closed. No, gSTM
(http://sourceforge.net/projects/gstm/) is not an alternative for what I am
suggesting.
4) Command that can show all ssh connections, remote and local.
Question
Is there a way to send a command via ssh that stays open even if the ssh
session that created it closes? I have this figured out already, I think, but
my problem is that my ssh session does not close like it normally does after a
command is run and completed. So maybe my real question is, how do I do this
and have the ssh session close after the command is run? e.g. If I run the
following command, I get output and the ssh command closes. Of course the
command I am running in this example, has an end, but the one I want to use
does not.
ssh -p 4731 r...@localhost netstat -an | egrep "tcp.*:3731.*LISTEN"
However, if I run one of the following commands, the remote command works, but
I am not returned to the command prompt. I have to kill the ssh connection to be
returned to a prompt, and the remote command stays running after I kill the
initial connection, but this does not help me in a script.
$ ssh -p 4731 r...@localhost 'ssh -q -N -D 1873 -p 3731 s...@localhost &'
$ ssh -p 4731 r...@localhost ssh -q -N -f -D 1873 -p 3731 s...@localhost
Btw, the fact that I am using localhost does not mean that all connections are
to the same computer. The ports are forwards. I know I can send the local
command to the background, but there is no need to keep it open; I want it to
close like it does with ssh -p 4731 r...@localhost netstat -an | egrep
"tcp.*:3731.*LISTEN".
Thanks,
Chris
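The hang described in the question comes from ssh waiting until the remote command's stdout and stderr are closed; a backgrounded child inherits those descriptors and keeps the session open until it exits. The script below is an added illustration, not part of the mail: it simulates the situation locally, with `sh -c` standing in for the remote login shell and `cat` standing in for ssh relaying the remote output, and `sleep 3` standing in for the long-running `ssh -N -D` job.

```shell
#!/bin/sh
# Added example (not from the original mail). Demonstrates why
#   ssh host 'long-running-command &'
# does not return: ssh keeps the session open until every process holding
# the remote stdout/stderr has closed them, and a backgrounded child
# inherits those descriptors.

# Run a "remote" command line under a child shell, pipe its output through
# cat (as ssh would relay it to the client), and report how many seconds
# elapsed before the pipe reached EOF.
seconds_until_output_closes() {
    start=$(date +%s)
    sh -c "$1" | cat >/dev/null
    end=$(date +%s)
    echo $((end - start))
}

# Hypothetical long-running remote job, standing in for 'ssh -q -N -D ...'.
JOB='sleep 3'

# Broken form: the job is backgrounded but still holds the pipe open,
# so the "session" lasts as long as the job (about 3 seconds here).
hangs() { seconds_until_output_closes "$JOB &"; }

# Fixed form: detach the job's stdin/stdout/stderr before backgrounding it.
# Nothing remote holds the channel open any more, so the session ends as
# soon as the foreground shell exits (well under a second).
detaches() { seconds_until_output_closes "$JOB </dev/null >/dev/null 2>&1 &"; }

# The same fix applied to the command line from the mail (not run here):
#   ssh -p 4731 r...@localhost \
#     'ssh -q -N -D 1873 -p 3731 s...@localhost </dev/null >/dev/null 2>&1 &'
# Prepending nohup additionally protects the job from SIGHUP when the
# remote login shell goes away.

echo "backgrounded only: $(hangs) s"
echo "stdio detached:    $(detaches) s"
```

Because the detached form severs every descriptor the remote job shares with the session, it also removes the need to kill the ssh connection from a script.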