Alternatives for port forwarding



I've been thinking about some ideas I'd like to do with port forwarding
like what SSH can do. But what I wanted to do is more complex and seems
to exceed what SSH can accomplish. Maybe someone has an idea how to do
this with SSH anyway?

The objective is to make a server node that users can log into through
a normal SSH client, with multiple logins from two or more different
computer hosts, and have port forwarding rerouted from one machine to
any other in the "cluster" of those logged in. I know this can be done
by a combination of remote and local forwarding through listens active
on the common server. However, this can be an administrative mess if
a number of users are involved. For one thing it ties up a resource
that needs to be carefully allocated but cannot be enforced: ports.
If one user is having host A log in with a remote forward listening on
port 10000, with the intent of logging in from host B with a local forward
to reach that port 10000 to make a connection through to host A, it is
possible some other user could beat them to using port 10000. Host A
could in theory pick some other port, but how would host B know what it
is?

The dream solution is some kind of service that can be used to handle the
network traffic on forwarded ports without actually having any listening
being done on the server, or any connections to a port on the server.
And the ideal would be to keep it all isolated within a group of users
so that users of another group cannot connect over. I'm not sure how
the connections would be appropriately identified (e.g. how would host
B indicate it wants to forward through to host A even though all these
SSH connections are really to the central server). One thing that is
essential is that these destination identities need to be separate from
any other user group, including the other group being able to use the
same exact identity without any inter-group collision or breach.

I suspect this may require some big additions to the sshd code to handle
it. Or maybe it's better to just not use SSH and to develop another
SSL-based protocol. Any ideas?

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-02-05-2128@xxxxxxxx |
|------------------------------------/-------------------------------------|
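
The port race and the group-scoped naming described in the post above, as an added sketch that is not part of the original post and not an SSH feature. The `Rendezvous` class and its method names are hypothetical, and it still uses loopback listeners with kernel-assigned ports rather than the listener-free design the post wishes for.

```python
import socket


class Rendezvous:
    """Hypothetical registry mapping (group, name) to a loopback listener."""

    def __init__(self):
        self._listeners = {}  # (group, name) -> bound listening socket

    def register(self, group, name):
        """Host A's side: claim a name in its group; the kernel picks the port."""
        key = (group, name)
        if key in self._listeners:
            raise KeyError(f"{name!r} already registered in group {group!r}")
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.bind(("127.0.0.1", 0))  # port 0: no fixed port to race for
        sock.listen(1)
        self._listeners[key] = sock
        return sock.getsockname()[1]

    def resolve(self, group, name):
        """Host B's side: look a name up, but only inside the caller's group."""
        sock = self._listeners.get((group, name))
        return sock.getsockname()[1] if sock else None

    def close(self):
        for sock in self._listeners.values():
            sock.close()
        self._listeners.clear()


def fixed_port_collision():
    """Reproduce the race from the post: a second claim on one port fails."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    first.bind(("127.0.0.1", 0))
    first.listen(1)
    port = first.getsockname()[1]  # stands in for the post's port 10000
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
        second.listen(1)
        return False
    except OSError:
        return True  # address already in use: another user got there first
    finally:
        first.close()
        second.close()
```

The same name registered in two groups yields two distinct ports, and a lookup only ever sees entries from the caller's own group, so the name rather than the port number is what host B has to know.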