I have found myself using OpenSSH for its forwarding abilities,
without actually using the remote shell feature. In these cases, the
connection itself is over Xen shared memory, so I have no need for any
of the cryptography.

While allowing unencrypted SSH connections is obviously a bad
idea, I would be very interested in adding support for using SSH
as a pure forwarder, to allow forwarding sockets and X11 over an
already-established, secure channel. While this is probably possible
with libssh, libssh2, or other libraries, OpenSSH’s excellent
security track record makes it preferred here.

I suggest that ssh(1) and sshd(8) act as the client and server of
this protocol if invoked as forward-client(1) and forward-server(1),
respectively. The protocol would be spoken over stdin/stdout.

Would there be any interest in this from the OpenSSH maintainers?
I have limited time, but would be willing to test patches.