<div dir="ltr">Hi Max,<div><br></div><div>I did the same thing some months ago, and I did dive into the Erlang ssh implementation a bit.</div><div><br></div><div>I didn't have a need for port forwarding, but as far as I can remember they are not implemented by the ssh application because all `ssh global requests` are denied:</div><div><a href="https://github.com/erlang/otp/blob/177eab3b67d9840c75d9986cd8870a84414bcacb/lib/ssh/src/ssh_connection.erl#L654">https://github.com/erlang/otp/blob/177eab3b67d9840c75d9986cd8870a84414bcacb/lib/ssh/src/ssh_connection.erl#L654</a><br></div><div><br></div><div>Best,</div><div>Ali</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Jan 28, 2018 at 9:35 AM, Max Lapshin <span dir="ltr"><<a href="mailto:max.lapshin@gmail.com" target="_blank">max.lapshin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi.<div><br></div><div>I'm writing ssh proxy in erlang: <a href="https://github.com/flussonic/ssh-proxy" target="_blank">https://github.com/<wbr>flussonic/ssh-proxy</a></div><div><br></div><div>It is required for our support team: engineers need to login to customers servers but I want to make a revocation of access.</div><div><br></div><div>So this is a proxy that will hide our team private key from whole team (except me).</div><div><br></div><div>There is a working POC, but I've got a problem:</div><div><br></div><div>port forwarding do not work:</div><div><br></div><div>
<p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures">debug1: Connection to port 9080 forwarding to localhost port 80 requested.</span></p>
<p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures">debug1: channel 3: new [direct-tcpip]</span></p>
<p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures">channel 3: open failed: administratively prohibited: Not allowed</span></p>
<p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures">debug1: channel 3: free: direct-tcpip: listening port 9080 for localhost port 80, connect from ::1 port 54743 to ::1 port 9080, nchannels 4</span></p><p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures"><br></span></p><p class="m_7747516430063376665gmail-p1" style="margin:0px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:13px;line-height:normal;font-family:Menlo"><span class="m_7747516430063376665gmail-s1" style="font-variant-ligatures:no-common-ligatures">Is something not ready in erlang ssh?</span></p></div></div>
<br>______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div>