by simcop2387 2200 days ago

    ssh -N -L5900:127.0.0.1:5900 user@server
is usually cleaner than using nc; it doesn't require running any commands on the remote system and lets you do any port changing that you need to make things work between each side.

Right, I had to use `nc` instead of forwarding the port from SSH itself because I use systemd socket activation for that ssh command, with

    ExecStart=ssh -T server 'nc 127.0.0.1 5900'
    StandardInput=socket
    StandardOutput=socket
in the service file and

    ListenStream=0.0.0.0:5900
in the socket file.

The socket has to be connected to stdin/stdout instead of using SSH forwarding since SSH doesn't support fd-based socket activation.
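
The setup described in the comment above, written out as a complete pair of unit files. This is an added example, not part of the original thread. The unit names, `Accept=yes`, `BatchMode=yes`, `StandardError=journal`, the absolute `ssh` path and the loopback bind address (the comment listens on 0.0.0.0) are assumptions made here.

```ini
# ---- /etc/systemd/system/vnc-tunnel.socket (hypothetical unit name) ----
[Unit]
Description=Local listener for a VNC-over-SSH tunnel

[Socket]
# Bind to loopback so only local clients can reach the tunnel entrance.
# With 0.0.0.0, any host that can reach port 5900 is relayed to the
# remote VNC server under the SSH identity of this service.
ListenStream=127.0.0.1:5900
# inetd-style activation: one service instance per accepted connection,
# with the connected socket handed over as stdin/stdout.
Accept=yes

[Install]
WantedBy=sockets.target

# ---- /etc/systemd/system/vnc-tunnel@.service (template, one per connection) ----
[Unit]
Description=VNC-over-SSH tunnel instance

[Service]
# BatchMode=yes makes ssh fail instead of prompting for a password,
# since there is no terminal attached to answer a prompt.
ExecStart=/usr/bin/ssh -T -o BatchMode=yes server 'nc 127.0.0.1 5900'
StandardInput=socket
StandardOutput=socket
# Keep ssh diagnostics out of the VNC byte stream and in the journal,
# where failed or unexpected connections can be reviewed.
StandardError=journal
```

Because each connection becomes its own `vnc-tunnel@...` instance, every tunnel use shows up as a separate unit in the journal.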

Yeah, that's definitely a bit more of an edge case. And for the downvoted sibling commenter, this is the same kind of setup that previously would be done with inetd or xinetd and the lack of security or monitoring or logging that that usually entails. I'd be surprised if there's not some other way to do it, but this seems like a perfectly fine workaround otherwise.

Why must systemd break everything?

It is like a vandal with a baseball bat.