Net::SSH and port forwarding

Looks like the local->remote port forwarding will be pretty easy to implement (I've already got a prototype that does the trick...messily).

At any rate, I'm looking at this and I'm realizing that because I'm doing this all in Ruby, you could conceivably have the port forwarding do tricks based on additional information in the request. Here's a use case to clarify my meaning:

Set up port forwarding on port X. When a connection is received, parse the request. If the request matches format A, forward the request to boxA:portA. If the request matches format B, forward the request to boxB:portB. Etc. All of this happens transparently to the client that connected to the local port.

Would this be useful for anyone? I'm probably going to write the Ruby interface in such a way that you could do something like the above with minimal effort, but I'm just curious if anyone would actually use such a feature in practice. :)

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

ruby -ropenssl -e'k="01234567";p((c,c.padding,c.iv,c.key=OpenSSL::Cipher::BF.new,false,k,k*2)[0].decrypt.update("1A81803C452C324619D319F980D5B84DBB45FC0FE2BAA045".scan(/../).map{|n|n.to_i(16).chr}.join))'

* Jamis Buck <jgb3@email.byu.edu> [0736 17:36]:

Set up port forwarding on port X. When a connection is received, parse
the request. If the request matches format A, forward the request to
boxA:portA. If the request matches format B, forward the request to
boxB:portB. Etc. All of this happens transparently to the client that
connected to the local port.

Would this be useful for anyone?

It would save you having to open multiple tunnels, at least in theory,
which would be very handy in a lot of circumstances.

If you could daemonize that you'd have an stunnel killer...

--
Life is like a simile.
Rasputin :: Jack of All Trades - Master of Nuns

Dick Davies wrote:

* Jamis Buck <jgb3@email.byu.edu> [0736 17:36]:

Set up port forwarding on port X. When a connection is received, parse the request. If the request matches format A, forward the request to boxA:portA. If the request matches format B, forward the request to boxB:portB. Etc. All of this happens transparently to the client that connected to the local port.

Would this be useful for anyone?

It would save you having to open multiple tunnels, at least in theory,
which would be very handy in a lot of circumstances.

Actually, this is something you wouldn't be able to do even with multiple tunnels, since you're still binding to a single port on the localhost. You're just forwarding from that one port to multiple different remote hosts, based on the format of the request.

As I said, it sounds cool, but I wonder how useful it would be in practice. It should be in the next version of Net::SSH, regardless. :)

--
Jamis Buck
jgb3@email.byu.edu
http://www.jamisbuck.org/jamis

"I use octal until I get to 8, and then I switch to decimal."
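
The request-based dispatch discussed in this thread, as an added example that is not part of the original posts and is not Net::SSH code: it decides the forwarding target from the first bytes a client sends, buffers a bounded amount, and returns no target when nothing matches. The two formats, the names boxA/boxB and the ports are placeholder assumptions.

```ruby
# Added example (not Net::SSH code): pick a forwarding target from the first
# bytes a client sends. boxA/boxB, the ports and both formats are placeholders.
Target = Struct.new(:name, :host, :port)

MAX_PEEK = 512 # never buffer more than this before deciding

# Matchers are tried in order with ===, so a Regexp or a lambda both work.
ROUTES = [
  # "format A": an HTTP/1.x request line
  [%r{\A(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r?\n},
   Target.new("format A", "boxA", 8080)],
  # "format B": a TLS record header (handshake type, major version 3)
  [->(b) { b.bytesize >= 3 && b.getbyte(0) == 0x16 && b.getbyte(1) == 0x03 },
   Target.new("format B", "boxB", 8443)]
].freeze

# Returns the Target for these bytes, or nil when nothing matches.
def route_for(bytes)
  data = bytes.b # match on raw bytes; client input may not be valid UTF-8
  pair = ROUTES.find { |matcher, _| matcher === data }
  pair && pair[1]
end

# Reads from io until a route matches, MAX_PEEK is reached, or the client
# closes. Returns [target_or_nil, buffered_bytes]; the caller must replay the
# buffered bytes to the chosen backend and drop the connection on nil.
# A real listener also needs a read deadline, which this sketch leaves out.
def classify(io)
  buf = String.new(encoding: Encoding::BINARY)
  target = nil
  while target.nil? && buf.bytesize < MAX_PEEK
    buf << io.readpartial(MAX_PEEK - buf.bytesize).b
    target = route_for(buf)
  end
  [target, buf]
rescue EOFError
  [nil, buf]
end
```

This kind of classification only works for protocols in which the client speaks first; a server-first protocol gives the listener nothing to inspect before it must choose a backend.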