
Re: [Isms] ISMS charter broken- onus should be on WG to fix it

2005-09-13 14:41:45


On Tuesday, September 13, 2005 05:06:40 PM -0400 Sam Hartman <hartmans-ietf(_at_)mit(_dot_)edu> wrote:

"Juergen" == Juergen Schoenwaelder <j(_dot_)schoenwaelder(_at_)iu-bremen(_dot_)de> writes:

    Juergen> Sam,

    Juergen> this is not about blocking port 22 as far as I understand
    Juergen> things. I think the issue here is that TCP connection
    Juergen> establishment determines ssh client/server roles.  If
    Juergen> there were a way to initiate the connection but
    Juergen> subsequently take over the server role, protocols like
    Juergen> netconf and presumably isms would find it much easier to
    Juergen> provide CH functionality.

Right.  But for the ssh-connect application I don't think you would
want that unless you were trying to get around firewall policy.

I don't think that's necessarily the case. Sure, you might be trying to do that, but you also might be trying to get around the fact that the machines at your house are behind a NAT and thus lack routable addresses.

I suspect that the ssh community would decline to extend ssh in this
direction; I certainly know I would not support it.

I'm not entirely sure _how_ I'd extend SSH in this direction, or how much utility it would have. I don't think I would object to it, especially since I suspect it might make some of the ISMS cases easier even if you don't care about the firewall problem.

-- Jeff

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf