[erlang-questions] ssh direct-tcpip port forwarded tunnel

Alex Wilson <>
Tue Jun 10 08:59:22 CEST 2014


The code is making a liar out of me. :)

There is a better private API for this now that is marked as "Potential API currently unsupported and not tested" (aka, might become public at some point), in the form of ssh_connection:direct_tcpip/6. There is also ssh_connection:tcpip_forward/3, which you might find interesting as well.

Looks like these have been available since R13B in some form; I missed them completely.

So rather than encoding the binary yourself and calling ssh_connection_handler:open_channel/6, it would be better to do

{open, Chan} = ssh_connection:direct_tcpip(Ssh, "thing-on-other-side.of.tunnel.com", 80, 
    "localhost", crypto:rand_uniform(10000,65000), 1000),

My apologies for misleading anyone.


On 10 Jun 2014, at 4:24 pm, Alex Wilson <> wrote:

> There's no public API in the SSH app for this at the moment.
> 
> However, if you're willing to use private API, you can do something like this:
> 
> {ok, Ssh} = ssh:connect(Host, Port, [...]),
> 
> RemoteHost = "thing-on-other-side.of.tunnel.com",
> RemotePort = 80,
> HostBin = list_to_binary(RemoteHost), HostLen = byte_size(HostBin),
> 
> % the "originating" host, meant to be the thing connecting to the -R/-L forwarder
> % in this case we just generate a random one
> OrigHost = <<"localhost">>, OrigHostLen = byte_size(OrigHost),
> OrigPort = crypto:rand_uniform(10000,65000),
> 
> Msg = <<HostLen:32/big, HostBin/binary, RemotePort:32/big, OrigHostLen:32/big, 
>            OrigHost/binary, OrigPort:32/big>>,
> 
> {open, Chan} = ssh_connection_handler:open_channel(Ssh, "direct-tcpip", 
>    Msg, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, 
>    ?DEFAULT_TIMEOUT),
> 
> % then after you've got the channel, use it like any other:
> _ = ssh_connection:send(Ssh, Chan, <<"some data to send here">>),
> receive
>  {ssh_cm, Ssh, {data, Chan, _, IncomingBinary}} -> ...
>  {ssh_cm, Ssh, {closed, Chan}} -> ...
> end
> 
> etc
> 
> Note that ssh_connection_handler:open_channel/6 changed names between R15B and R16B; it used to be ssh_connection_manager:open_channel/6 and returned {ok, Chan} on success instead of {open, Chan}. Being private API, it might change again at any time! :)
> 
> This should probably have a public API though, it's a pretty useful operation.
> 
> 
> 
> On 7 Jun 2014, at 8:49 am, Tom van Neerijnen <> wrote:
> 
>> Hi all
>> 
>> Does anyone have an example of an Erlang port forwarding SSH server?
>> My aim is to give it a ssh -R 1234:localhost:5678 and have the Erlang server forward connections on 1234 to localhost:5678.
>> 
>> I've started ssh:daemon as described in the docs and have an Erlang shell on the server end of my ssh connection, so that at least is working, but I can't seem to get ssh_connection:direct_tcpip called.
>> I guessed that I needed to add a "direct-tcpip" subsystem but this is ignored when I ssh in.
>> Anyone got any pointers to get me started?
>> 
>> -- 
>> 
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
> 

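The "direct-tcpip" channel-open payload that the quoted message builds by hand (RFC 4254, section 7.2), as an added example that is not part of the original thread or of the OTP ssh application. It shows the encoder together with a strict decoder and a destination allowlist check that a forwarding server could apply before connecting out. The module name, function names and the allowlist format are hypothetical.

```erlang
%% Added example: not from the thread and not part of OTP's ssh app.
%% Module, function names and allowlist format are hypothetical.
-module(direct_tcpip_payload).
-export([encode/4, decode/1, permitted/2, demo/0]).

%% Wire layout: string host, uint32 port, string originator, uint32 port.
%% Each string is a 32-bit big-endian length followed by the bytes.
encode(Host, Port, OrigHost, OrigPort)
  when is_binary(Host), is_binary(OrigHost),
       is_integer(Port), Port > 0, Port =< 65535,
       is_integer(OrigPort), OrigPort >= 0, OrigPort =< 65535 ->
    <<(byte_size(Host)):32/big, Host/binary, Port:32/big,
      (byte_size(OrigHost)):32/big, OrigHost/binary, OrigPort:32/big>>.

%% Parse a payload received from a peer. The length prefixes must account
%% for every byte (no truncation, no trailing data), and ports must fit in
%% 16 bits even though the wire field is 32 bits wide.
decode(<<HLen:32/big, Host:HLen/binary, Port:32/big,
         OLen:32/big, Orig:OLen/binary, OrigPort:32/big>>)
  when Port > 0, Port =< 65535, OrigPort =< 65535 ->
    {ok, #{host => Host, port => Port,
           orig_host => Orig, orig_port => OrigPort}};
decode(_) ->
    {error, malformed}.

%% Forward only to destinations that are explicitly listed.
permitted(#{host := Host, port := Port}, Allowed) ->
    lists:member({Host, Port}, Allowed).

demo() ->
    %% Constructed sample values, reusing the host and port from the thread.
    Target = <<"thing-on-other-side.of.tunnel.com">>,
    Msg = encode(Target, 80, <<"localhost">>, 40000),
    {ok, Req} = decode(Msg),
    true = permitted(Req, [{Target, 80}]),
    false = permitted(Req, [{<<"localhost">>, 5678}]),
    %% A truncated payload and an out-of-range port are both rejected.
    {error, malformed} = decode(binary:part(Msg, 0, byte_size(Msg) - 1)),
    {error, malformed} = decode(<<1:32, "a", 70000:32, 1:32, "b", 1:32>>),
    ok.
```

The originator host and port in the payload are supplied by the client and are not verified by the protocol, so the allowlist check above keys only on the requested destination.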