Bug 1327 - The limit of 100 forwarded ports is arbitrary and unnecessary
Summary: The limit of 100 forwarded ports is arbitrary and unnecessary
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 4.6p1
Hardware: All Linux
Importance: P1 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
Reported: 2007-07-03 00:25 AEST by Archie Cobbs
Modified: 2023-01-13 13:34 AEDT (History)

Attachments
/home/djm/ssh-unlimit-forwards.diff (8.57 KB, patch)
2010-06-18 12:35 AEST, Damien Miller

Description Archie Cobbs 2007-07-03 00:25:57 AEST
Subject line says it all.

The limit of 100 forwarded ports (e.g., using "-L" flag) is arbitrary and unnecessary. It is an example of what John Ousterhout would call a "voodoo constant", i.e., a value randomly chosen by a developer at some point in time without any basis in science or measurement. It is an example of the frowned-upon practice of encoding policy into software (software should encode mechanisms... policy should be left to config files, command line flags, etc. (i.e., a human)).

This limitation is like having a law stating that you are not allowed to buy more than 5 dozen eggs at the supermarket. Sure, most people don't buy more than 60 eggs at a time, but does that mean there needs to be a law against it?

Motivation: at my company we use SSH port forwarding as part of a cheap and dirty VPN scheme to establish contact between many machines. Now that there are more than 100 other machines out there, this scheme has stopped working. All because of a completely artificial and unnecessary limit.

This limitation is easily worked around, of course: just start two or more SSH sessions. Kind of like going to the store twice in a row to buy 120 eggs by buying 60 eggs twice. This of course is just more evidence that this limitation is useless.

So at the minimum, please make this limit configurable in /etc/ssh/ssh_config, or better yet get rid of it altogether. The UNIX O/S already has mechanisms in place to limit resource utilization by individual accounts. SSH doesn't need to apply its own additional, arbitrary limitation.

Thanks!
Comment 1 Josh Triplett 2008-01-03 16:31:34 AEDT
I agree that this does seem like an arbitrary limit.  However, to address your particular use-case, you might find the new tunnel support useful.
Comment 2 Damien Miller 2010-06-18 12:35:09 AEST
Created attachment 1866
/home/djm/ssh-unlimit-forwards.diff

dynamically allocate forwards and permitted opens.

Use of xrealloc should be sufficient to avoid integer overflows.
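As an added example, not taken from the attached patch or from OpenSSH's own code, the following shows the shape of the fix the comment above describes: a forward list that grows on demand instead of stopping at a fixed count, with the reallocation size checked for integer overflow in the spirit of xrealloc. The struct and function names (`fwd`, `fwd_list`, `fwd_add`, `checked_reallocarray`, `fwd_demo`) are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for one port forward entry. */
struct fwd {
    int listen_port;
    int connect_port;
};

/* Growable list: no compile-time cap on the number of forwards. */
struct fwd_list {
    struct fwd *v;
    size_t n;    /* entries in use */
    size_t cap;  /* entries allocated */
};

/* Overflow-checked reallocation: refuse an n * size that would wrap,
 * which is the defect a plain realloc(p, n * size) silently accepts. */
static void *checked_reallocarray(void *p, size_t n, size_t size)
{
    if (n != 0 && size > SIZE_MAX / n) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(p, n * size);
}

/* Append a forward, doubling capacity when full; 0 on success, -1 on failure. */
int fwd_add(struct fwd_list *l, int listen_port, int connect_port)
{
    if (l->n == l->cap) {
        size_t ncap = l->cap ? l->cap * 2 : 16;
        if (ncap < l->cap) { errno = ENOMEM; return -1; } /* doubling wrapped */
        struct fwd *nv = checked_reallocarray(l->v, ncap, sizeof(*nv));
        if (nv == NULL)
            return -1;            /* old array is still valid and owned by l */
        l->v = nv;
        l->cap = ncap;
    }
    l->v[l->n].listen_port = listen_port;
    l->v[l->n].connect_port = connect_port;
    l->n++;
    return 0;
}

void fwd_free(struct fwd_list *l) { free(l->v); l->v = NULL; l->n = l->cap = 0; }

/* Adds `count` forwards to a fresh list and returns how many were stored. */
size_t fwd_demo(size_t count)
{
    struct fwd_list l = { NULL, 0, 0 };
    size_t i, stored;
    for (i = 0; i < count; i++)
        if (fwd_add(&l, 10000 + (int)i, 80) != 0)
            break;
    stored = l.n;
    fwd_free(&l);
    return stored;
}
```

With this shape, the only remaining ceilings are memory and the per-account resource limits the reporter mentions, and an absurd count fails cleanly with ENOMEM rather than wrapping the allocation size.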
Comment 3 Damien Miller 2010-06-25 17:14:59 AEST
patch applied - will be in OpenSSH-5.6
Comment 4 Damien Miller 2011-01-24 12:33:57 AEDT
Move resolved bugs to CLOSED after 5.7 release