IETF-SSH archive


Re: [saag] draft-kwatsen-reverse-ssh submission for review

On 5/12/2011 4:31 PM, Kent Watsen wrote:

Since the SECSH working group has concluded, the Security Area Directors, Sean and Stephen, recommended posting an announcement regarding this individual submission to the SAAG and IETF-SSH mailing lists.


    http://tools.ietf.org/html/draft-kwatsen-reverse-ssh-00

    Abstract

       This memo presents a technique for a SSH (Secure Shell) server to
       initiate the underlying TCP connection to the SSH client.  This role
       reversal is necessary in cases where the SSH client would otherwise
       be unable to initiate an SSH connection to the SSH server, such as a
       device "calling home" on its first boot.


I come from the NETCONF and NETMOD working groups, and this submission has been developed primarily to support NETCONF, though it's applicable to any SSH-based protocol and actually has little to do with NETCONF at all, which is why it is brought here for your consideration.

FWIW, Juniper has implemented a variant of this proposal, called "outbound-ssh", on almost all its platforms for nearly 5 years now.  The solution presented in this I-D, being fully transparent to the SSH protocol, has been shown to be easy to implement across various operating systems and programming languages.

Any clue what port they're using for this? There doesn't appear to be one currently allocated.

Also, there are separate ports for SSH (22) and netconf over SSH (830) - does this mean this proposal would need a reverse port for every SSH-based service?

Joe
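The role reversal described in the abstract, as an added example that is not part of this thread or of the draft: the SSH client side listens for and accepts the TCP connection, the device acting in the SSH server role dials out, and once the TCP connection exists both sides exchange their RFC 4253 identification strings exactly as they would on a forward connection. The software version strings, the use of loopback and the two role functions are constructed for this demonstration; the listening port is ephemeral because, as the reply notes, no port is assigned. Key exchange, host key verification and user authentication would follow the identification exchange unchanged, so the SSH client still authenticates the server's host key regardless of which side opened TCP.

```python
import socket
import threading

# Constructed example: both roles run in one process over loopback.
LISTEN_HOST = "127.0.0.1"
CLIENT_IDENT = b"SSH-2.0-ExampleClient_0.1"   # hypothetical software version strings
SERVER_IDENT = b"SSH-2.0-ExampleDevice_0.1"


def read_ident_line(sock: socket.socket, limit: int = 255) -> bytes:
    """Read one identification line terminated by CR LF (RFC 4253, section 4.2).

    The line, including CR LF, must not exceed 255 bytes; a longer line is
    treated as a protocol violation rather than buffered indefinitely.
    """
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("peer closed before sending identification string")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("identification line exceeds 255 bytes")
    return bytes(buf[:-2])


def ssh_client_accepting(listener: socket.socket) -> bytes:
    """SSH client role: waits for the TCP connection instead of opening it."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(CLIENT_IDENT + b"\r\n")
        server_ident = read_ident_line(conn)
        if not server_ident.startswith(b"SSH-2.0-"):
            raise ValueError(f"unexpected server identification: {server_ident!r}")
        # From here the normal SSH-2 exchange would start (KEXINIT, host key
        # verification, user authentication), identical to a forward connection.
        return server_ident


def ssh_server_dialing(host: str, port: int) -> bytes:
    """SSH server role (the device "calling home"): opens TCP, then acts as a normal server."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(SERVER_IDENT + b"\r\n")
        client_ident = read_ident_line(conn)
        if not client_ident.startswith(b"SSH-2.0-"):
            raise ValueError(f"unexpected client identification: {client_ident!r}")
        return client_ident


def run_reverse_handshake() -> tuple:
    """Run both roles on loopback; return (ident seen by client, ident seen by server)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LISTEN_HOST, 0))  # ephemeral port: the draft assigns none
    listener.listen(1)
    port = listener.getsockname()[1]
    results = {}

    def client_thread():
        results["client_saw"] = ssh_client_accepting(listener)

    t = threading.Thread(target=client_thread)
    t.start()
    results["server_saw"] = ssh_server_dialing(LISTEN_HOST, port)
    t.join(timeout=5)
    listener.close()
    return results["client_saw"], results["server_saw"]


if __name__ == "__main__":
    seen_by_client, seen_by_server = run_reverse_handshake()
    print("client received:", seen_by_client.decode())
    print("server received:", seen_by_server.decode())
```

The only difference from a forward connection is which function calls `connect` and which calls `accept`; the bytes on the wire after that point are the same, which is what the draft means by the technique being transparent to the SSH protocol.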


