Since the SECSH working group has concluded, the Security Area Directors, Sean and Stephen, recommended posting an announcement regarding this individual submission to the SAAG and IETF-SSH mailing lists.
http://tools.ietf.org/html/draft-kwatsen-reverse-ssh-00
Abstract
This memo presents a technique for a SSH (Secure Shell) server to initiate the underlying TCP connection to the SSH client. This role reversal is necessary in cases where the SSH client would otherwise be unable to initiate an SSH connection to the SSH server, such as a device "calling home" on its first boot.
I come from the NETCONF and NETMOD working groups, and this submission has been developed primarily to support NETCONF, though it's applicable to any SSH-based protocol and actually has little to do with NETCONF at all, which is why it is brought here for your consideration.
FWIW, Juniper has implemented a variant of this proposal, called "outbound-ssh", on almost all its platforms for nearly 5 years now. The solution presented in this I-D, being fully transparent to the SSH protocol, has been shown to be easy to implement across various operating systems and programming languages.
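To illustrate the role reversal concretely, here is an added example (not code from the I-D or from Juniper's outbound-ssh): the device opens the TCP connection, and both sides then carry out the SSH identification-string exchange of RFC 4253 with the TCP-initiating device in the SSH *server* role. The banner strings and function names are constructed for this example; where a real deployment hands the socket to an SSH implementation, host-key verification and user authentication proceed exactly as in an ordinary session.

```python
import socket
import threading

# Constructed sample identification strings (RFC 4253 section 4.2 format).
DEVICE_IDENT = b"SSH-2.0-CallHomeDevice_0.1\r\n"   # device speaks as SSH server
MGMT_IDENT = b"SSH-2.0-MgmtStationClient_0.1\r\n"  # station speaks as SSH client


def read_ident(sock):
    """Read one CRLF-terminated identification line (RFC 4253 caps it at 255 bytes)."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk or len(buf) >= 255:
            raise ValueError("bad identification line")
        buf += chunk
    return buf


def device_call_home(mgmt_host, mgmt_port):
    """Device side: initiate TCP (the reversed step), then behave as the SSH server."""
    sock = socket.create_connection((mgmt_host, mgmt_port), timeout=5)
    sock.sendall(DEVICE_IDENT)                 # server announces itself first
    client_ident = read_ident(sock)            # then reads the client's line
    if not client_ident.startswith(b"SSH-2.0-"):
        sock.close()
        raise ValueError("peer is not an SSH 2.0 client")
    return sock, client_ident                  # from here on: normal SSH server side


def mgmt_accept_call_home(listener):
    """Management side: accept the inbound TCP connection, then behave as the SSH client."""
    sock, _addr = listener.accept()
    sock.settimeout(5)
    server_ident = read_ident(sock)            # the caller identifies as an SSH server
    if not server_ident.startswith(b"SSH-2.0-"):
        sock.close()
        raise ValueError("peer is not an SSH 2.0 server")
    sock.sendall(MGMT_IDENT)                   # reply as the SSH client would
    return sock, server_ident                  # from here on: normal SSH client side


def demo():
    """Run both sides in-process over loopback; returns the two identification strings."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))            # ephemeral port, so the demo runs anywhere
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(mgmt=mgmt_accept_call_home(listener)))
    t.start()
    dev_sock, client_ident = device_call_home("127.0.0.1", port)
    t.join()
    mgmt_sock, server_ident = result["mgmt"]
    for s in (dev_sock, mgmt_sock, listener):
        s.close()
    return server_ident.strip(), client_ident.strip()
```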