Expand description
SSH local-port forwarding for the Postgres explorer.
Binds a local TCP listener on 127.0.0.1:<ephemeral> and, for every
inbound connection, opens a fresh direct-tcpip SSH channel to the
configured remote endpoint and bidirectionally splices bytes between
the local socket and the SSH channel. Pattern matches ssh -L.
§Lifetime
SshTunnel owns a CancellationToken and a JoinHandle for the
accept loop. Dropping the tunnel cancels the loop and releases the
local listener. Per-connection forwarder tasks are independent — they
finish naturally when either side closes the stream — so the drop is
best-effort: any in-flight Postgres traffic continues until the
sockets close, which matches the observable behavior of ssh -L
when the controlling terminal exits.
§Concurrency
The accept loop holds an Arc<RwLock<SshClient>>. Each accepted
connection acquires a read lock for the duration of the
channel_open_direct_tcpip round-trip only — the lock is dropped
before splicing begins so the same SSH session can host many
simultaneous Postgres connections without serializing channel
opens.
Structs§
- SshTunnel
- Live SSH local-forward to
(remote_host, remote_port).