net-ssh 0.5.0

data/doc/manual/manual.yml

@@ -0,0 +1,67 @@
+--- !jamisbuck.org,2004/^manual
+
+# This content is made available under the Attribution-ShareAlike 2.0
+# license from the Create Commons:
+#
+#   http://creativecommons.org/licenses/by-sa/2.0/
+
+meta: !^meta
+  copyright: 2004
+  author: Jamis Buck
+  email: jgb3@email.byu.edu
+
+product: !^product
+  name: Net::SSH
+  tagline: Secure Shell for Ruby
+  version: !!eval require "../../lib/net/ssh/version"; Net::SSH::Version::STRING
+  #logo: net-ssh.png
+  urls:
+    - Project Page: http://rubyforge.org/projects/net-ssh
+    - User Manual: http://net-ssh.rubyforge.org
+    - API Documentation: http://net-ssh.rubyforge.org/api
+    - FAQ Document: http://net-ssh.rubyforge.org/faq.html
+    - Net::SSH Wiki: http://net-ssh.rubyforge.org/wiki/wiki.pl
+
+recent_updates:
+  - "New Net::SSH Version"
+
+chapters:
+
+- Introduction:
+  - "What is Net::SSH?": !!file parts/intro_what_is.txt
+  - "What isn't Net::SSH?": !!file parts/intro_what_is_not.txt
+  - "Getting Net::SSH": !!file parts/intro_getting.txt
+  - License Information: !!file parts/intro_license.txt
+  - Support: !!file parts/intro_support.txt
+  - About the Author: !!file parts/intro_author.txt
+
+- Starting a Session:
+  - "Using Net::SSH.start": !!file parts/session_start.txt
+  - Using a Public/Private Key: !!file parts/session_key.txt
+  - Options: !!file parts/session_options.txt
+  - "Using Net::SSH::Session": !!file parts/session_session.txt
+
+- Channels:
+  - What are Channels?: !!file parts/channels_what_are.txt
+  - Session.loop: !!file parts/channels_loop.txt
+  - Channel Types: !!file parts/channels_types.txt
+  - Opening a Channel: !!file parts/channels_open.txt
+  - Callbacks: !!file parts/channels_callbacks.txt
+  - Channel Operations: !!file parts/channels_operations.txt
+
+- Executing Commands:
+  - Using Channels: !!file parts/exec_channels.txt
+  - "Using #process.open": !!file parts/exec_open.txt
+  - "Using #process.popen3": !!file parts/exec_popen3.txt
+
+- Port Forwarding:
+  - Introduction: !!file parts/forward_intro.txt
+  - Local-to-Remote: !!file parts/forward_local.txt
+  - Remote-to-Local: !!file parts/forward_remote.txt
+  - Direct Channels: !!file parts/forward_direct.txt
+  - Remote-to-Local Handlers: !!file parts/forward_handlers.txt
+
+- Using Proxies:
+  - Introduction: !!file parts/proxy_intro.txt
+  - HTTP: !!file parts/proxy_http.txt
+  - SOCKS: !!file parts/proxy_socks.txt

data/doc/manual/page.erb

@@ -0,0 +1,87 @@
+<html>
+  <head>
+    <title><%= manual.product.name %> Manual<% if object %> :: <%= object.page_title %><% end %></title>
+    <link type="text/css" rel="stylesheet" href="manual.css" />
+  </head>
+  
+  <body>
+    <div id="banner">
+      <table border='0' cellpadding='0' cellspacing='0' width='100%'>
+        <tr><td valign='top' align='left'>
+          <div class="title">
+            <span class="product"><%= manual.product.name %>&mdash;</span><br />
+            <span class="tagline"><%= manual.product.tagline %></span>
+          </div>
+        </td><td valign='middle' align='right'>
+          <div class="info">
+            <%= manual.product.name %> Version: <strong><%= manual.product.version %></strong><br />
+            Manual Last Updated: <strong><%= Time.now.gmtime.strftime('%Y-%m-%d %H:%M %Z') %></strong>
+          </div>
+        </td></tr>
+      </table>
+    </div>
+
+    <table border='0' width='100%' cellpadding='0' cellspacing='0'>
+      <tr><td valign='top'>
+
+        <div id="navigation">
+          <h1><%= manual.product.name %> Manual</h1>
+
+          <h2>Chapters</h2>
+          <ol type="I">
+          <% manual.chapters.each do |c| %>
+            <li><%= "<strong>" if c == object %>
+                <a href="chapter-<%= c.index %>.html">
+                <%= c.title %>
+                </a>
+                <%= "</strong> <big>&larr;</big>" if c == object %>
+              <ol type="1">
+                <% c.sections.each do |s|
+                     next unless s.title %>
+                  <li><a href="chapter-<%= c.index %>.html#s<%= s.index %>"><%= s.title %></a></li>
+                <% end %>
+              </ol>
+            </li>
+          <% end %>
+          </ol>
+
+          <h2>Other Documentation</h2>
+
+          <ul>
+            <li><a href="http://net-ssh.rubyforge.org/api/index.html">Net::SSH API</a></li>
+            <li><a href="http://rubyforge.org/tracker/?atid=1842&group_id=274&func=browse">Net::SSH FAQ</a></li>
+          </ul>
+
+          <h2>Tutorials</h2>
+          <ol>
+          <% manual.tutorials.each do |t| %>
+            <li><%= "<strong>" if t == object %>
+                <a href="tutorial-<%= t.index %>.html">
+                <%= t.title %>
+                </a>
+                <%= "</strong> <big>&larr;</big>" if t == object %><br />
+            <%= t.brief.to_html %>
+            </li>
+          <% end %>
+          </ol>
+
+          <p align="center"><strong>More To Come...</strong></p>
+
+          <div class="license">
+            <a href="http://creativecommons.org/licenses/by-sa/2.0/"><img alt="Creative Commons License" border="0" src="http://creativecommons.org/images/public/somerights" /></a><br />
+            This manual is licensed under a <a href="http://creativecommons.org/licenses/by-sa/2.0/">Creative Commons License</a>.
+          </div>
+        </div>
+
+      </td><td valign='top' width="100%">
+
+        <div id="content">
+
+          <%= guts %>
+
+        </div>
+
+      </td></tr>
+    </table>
+  </body>
+</html>

data/doc/manual/parts/channels_callbacks.txt

@@ -0,0 +1,32 @@
+There are various callbacks that may be registered on a channel. Registering a callback is as simple as invoking the corresponding method on the channel and giving it a block that should be invoked when the named action occurs. The following table describes each callback and how it is used.
+
+table(list).
+|_. Name |_. Description |
+|=^. @on_close@ | This callback should accept a single parameter: the channel being closed.  It is called immediately after the channel is removed from the connection. The callback should not send any data through the channel, since at this point the channel is no longer connected to the remote host.|
+|=^. @on_confirm_failed@ | This callback should accept four parameters: the channel instance, the reason code, a description of why the confirm failed, and the language code for the message.  It is called immediately after the server has indicated that a channel could not be opened.|
+|=^. @on_confirm_open@ | This callback should accept a single parameter: the channel being opened.  It is called immediately after the server has confirmed that the channel has been opened. This callback is typically set by a block passed to an @#open_channel@ call.|
+|=^. @on_data@ | This callback is invoked when data is received over the channel from the remote server. This data typically corresponds to the remote process's @stdout@ stream.  The channel should accept two parameters: the channel itself, and the data being received.|
+|=^. @on_eof@ | This callback is called when the server indicates that no more data will be sent _from the server_ over this channel. Your program is still welcome to send data to the server, but you are guaranteed at this point that your @on_data@ and @on_extended_data@ callbacks will no longer be called for this channel. The callback should accept a single parameter, the channel itself.|
+|=^. @on_extended_data@ | This callback is called when _extended data_ is received from the server. There are (potentially) many _types_ of extended data. The callback should accept three parameters: the channel, an integer indicating the type of the data, and the data itself.  Right now, you can pretty much count on the data type being a "1", which corresponds to the remote process's @stderr@ stream. Other data types are not defined in the SSH specification, but that does not mean some SSH servers won't try to invent their own.|
+|=^. @on_failure@ | When a request is sent over a channel (via the @send_request@ or @send_request_string@ methods), it may either succeed or fail. If it fails, this callback will be invoked. It should take a single parameter: the channel itself.|
+|=^. @on_request@ | When the server sends a "channel request" to the client, this callback will be invoked. Channel requests from the server typically indicate things like the exit status of a process. This callback should take three parameters: the channel, a boolean (indicating whether or not the server wants an explicit reply to this request), and the data from the request.|
+|=^. @on_success@ | When a request is sent over a channel (via the @send_request@ or @send_request_string@ methods), it may either succeed or fail. If it succeeds, this callback will be invoked. It should take a single parameter: the channel itself.|
+|=^. @on_window_adjust@ | When the server asks the client to adjust this channel's window size, this callback will be invoked. It should accept two parameters: the channel, and the number of bytes to add the channel's window size.|
+
+In general, you will never need to register callbacks for @on_failure@, @on_request@, @on_success@, or @on_window_adjust@, unless you are needing to implement support for some subservice or piggy-backed protocol (like SFTP).
+
+Following is an example of registering callbacks on a channel:
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+    session.open_channel do |channel|
+      channel.on_close do |ch|
+        puts "channel closed successfully."
+      end
+      puts "closing channel..."
+      channel.close
+    end
+
+    session.loop
+  end
+</pre>

data/doc/manual/parts/channels_loop.txt

@@ -0,0 +1,14 @@
+Because a session may be composed of multiple simultaneously operating channels, the Net::SSH interface works by means of _callbacks_. You specify actions that need to occur in response to various events, and when those events occur, the framework invokes the corresonding callbacks.
+
+In order to allow the events to be processed in a continuous manner, you need to be sure to call the @loop@ method of your session handle, after setting up any callbacks that you want to be executed. If you do not call the @loop@ method, your session will terminate as soon as the block is exited, which means none of your carefully laid callbacks will ever be called.
+
+The @loop@ method is easy to invoke:
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+    ...
+    session.loop
+  end
+</pre>
+
+Incidentally, the @loop@ method accepts an optional block, which if specified should return a "false" value when the loop should terminate. In the absense of a block, the loop will continue until there are no more open channels.  Sometimes, however, you only want the loop to continue until some action occurs, at which time you then do some processing and then start the loop again.

data/doc/manual/parts/channels_open.txt

@@ -0,0 +1,20 @@
+The simplest way to open a channel is via the @open_channel@ method of Net::SSH::Session.  By default, the channel will be of type "session", but you can optionally specify the channel type and any extra data to initialize the channel with. You also pass a block to the @open_channel@ invocation. This block will be called after the server has confirmed that the channel is valid and has been opened successfully.
+
+The @open_channel@ method always returns immediately--all it does is inform the server that a channel needs to be opened and then registers the associated block as the callback to be invoked when the channel is confirmed.
+
+This behavior is typical of most of the methods in the Net::SSH API; they simply send a request to the server and then (optionally) register a callback. Very few of them actually block (pause) until the server responds.
+
+Here is an example of opening a channel:
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+    session.open_channel do |channel|
+      puts "channel successfully opened... closing..."
+      channel.close
+    end
+
+    session.loop
+  end
+</pre>
+
+Note the use of the @close@ method for the channel. Just like most methods in the Net::SSH API, it does not immediately close the channel, but instead sends a close request to the server and returns. When the server responds that the channel has been closed, the framework will then call any final callbacks for the channel and then remove it.

data/doc/manual/parts/channels_operations.txt

@@ -0,0 +1,15 @@
+There are a variety of operations that may be performed on a channel. Some we've already mentioned, like registering callbacks, or closing the channel. Some of the other more common operations are listed (and described) in the following table.
+
+table(list).
+|_. Operation |_. Description |
+| @#exec@ | Executes a command asynchronously on this channel.|
+| @#request_pty@ | Requests that a pseudo-terminal (pty) be opened for this channel.|
+| @#send_data@ | Sends the given data string to the server via this channel.  This is useful for sending data to a remote process, or sending an SFTP packet to the SFTP subsystem.|
+| @#send_eof@ | Tells the server that no further data will be sent from the client to the server. The client must honor this by not sending any more data (either normal or extended) to the server over this channel.|
+| @#send_extended_data@ | Sends a data string to the server, along with an integer describing its type. This is typically used to send @stderr@ data.|
+| @#send_request@ | Sends a named request to the server for this channel. This is primarily used by implementations of protocols and subsystems that run on top of SSH.|
+| @#send_signal@ | Indicates that the server should send the given signal to the process on the other end of the channel.|
+| @#subsystem@ | Requests that the server start the given subsystem on this channel. This is how (for instance) the SFTP subsystem is invoked. |
+
+See the API documentation for an exhaustive reference of all available channel
+operations.

data/doc/manual/parts/channels_types.txt

@@ -0,0 +1,3 @@
+Each channel has a _type_. Usually, you will use "session" channels, but there are also "x11" channels, "forwarded-tcpip" channels, and "direct-tcpip" channels.  Net::SSH currently has no support for "x11" channels. The "forwarded-tcpip" and "direct-tcpip" channels are managed internally via the port-forwarding interfaces.
+
+The "session" channel type allows for a broad range of actions, including (but not limited to) SFTP requests and remote process execution.

data/doc/manual/parts/channels_what_are.txt

@@ -0,0 +1,7 @@
+The SSH protocol requires that requests for services on a remote machine be made over _channels_. A single SSH connection may contain multiple channels, all run simultaneously over that connection.
+
+Each channel, in turn, represents the processing of a single service.  When you invoke a process on the remote host with Net::SSH, a channel is opened for that invocation, and all input and output relevant to that process is sent through that channel. The connection itself simply manages the packets of all of the channels that it has open.
+
+This means that, for instance, over a single SSH connection you could execute a process, download a file via SFTP, and forward any number of ports, all (seemingly) at the same time!
+
+Naturally, they do not occur simultaneously, but rather work in a "time-share" fashion by sharing the bandwidth of the connection. Nevertheless, the fact that these channels exist make working with the SSH protocol a bit more challenging than simpler protocols (like FTP, HTTP, or Telnet).

data/doc/manual/parts/exec_channels.txt

@@ -0,0 +1,28 @@
+To run multiple processes in parallel, you can access the channel API directly, setting up multiple channels and callbacks in order to process the output from the channel.
+
+Suppose, for example, that you wanted to run multiple "tail" commands on various logs on the remote machine, combining them all into the output on the client. Something like the following would suffice:
+
+<pre>
+  def do_tail( session, file )
+    session.open_channel do |channel|
+      channel.on_data do |ch, data|
+        puts "[#{file}] -> #{data}"
+      end
+      channel.exec "tail -f #{file}"
+    end
+  end
+
+  Net::SSH.start( 'host' ) do |session|
+    do_tail session, "/var/log/messages"
+    do_tail session, "/var/log/XFree86.0.log"
+    do_tail session, "/var/log/tomcat/catalina.log"
+    do_tail session, "/var/log/mysql/mysql.err"
+    session.loop
+  end
+</pre>
+
+As you can see, four different logs are tailed on four separate channels. Each channel registers an @on_data@ callback (which simply displays the data it recieves, together with the name of the log file it came from). The @exec@ method of the channel is then invoked, which simply sends the request to execute the process to the server, and then returns.
+
+The @loop@ method then blocks while packets and processed and callbacks are invoked, completing the program.
+
+This approach works fine for processing data coming from the server, and with a little work and coordination can work well for sending data _to_ the server as well, by calling the @send_data@ method of the channel at the appropriate times. However, it requires a bit of forethought, since you have to come up with a simple state machine to manage most interactive sessions, and many times that's more effort than it is worth.

data/doc/manual/parts/exec_open.txt

@@ -0,0 +1,51 @@
+The @#process.open@ interface provides a simpler way to manage interactive sessions. It still works via callbacks, and it still requires a kind of state machine in order to process input, but it does simplify things a little bit.
+
+Just open an SSH session. The @#process@ service of the session manages access to convenience methods for handling and communicating with remote processes. In particular the @#open@ method of the @#process@ service allows you to constuct callbacks for dealing with remote processes, more conveniently than using channels directly.
+
+Consider the "bc" command. It is a command-line calculator that accepts expressions on @stdin@ and writes the results to @stdout@. When it encounters the word @quit@ on the input, it exits. Sounds like a great way to demonstrate the @process@ service...
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+
+    session.process.open( "bc" ) do |bc|
+      dialog = [ "5+5", "7*12", "sqrt(2.000000)", "quit" ]
+
+      bc.on_success do |p|
+        puts "requesting result of #{dialog.first}"
+        p.puts dialog.shift
+      end
+
+      bc.on_stdout do |p,data|
+        puts "--> #{data}"
+        unless dialog.empty?
+          puts "requesting result of #{dialog.first}"
+          p.puts dialog.shift
+        end
+      end
+
+      bc.on_exit do |p, status|
+        puts "process finished with exit status: #{status}"
+      end
+    end
+
+  end
+</pre>
+
+
+Notice the progression. First, the session itself is started. Then, while the session is active, the process is invoked (via @#process.open@). After we have a handle to the process (which is yielded to the block, in this case), we set up the callbacks on the process. These are reminiscent of, but different from, the callbacks that we set up on the channel itself in the previous section.
+
+The following callbacks are defined for a process handle:
+
+table(list).
+|_. Name |_. Description |
+|=^. @on_exit@ | This callback is invoked when the process terminates normally. The block should accept two parameters: the process handle itself, and the exit status of the process.|
+|=^. @on_failure@ | This callback is invoked when the process could not be invoked. It should take two parameters: the process handle itself, and a status string (which currently always @nil@).|
+|=^. @on_success@ | This callback is invoked after the process has been successfully started.  The callback should take a single parameter: the process handle itself.|
+|=^. @on_stderr@ | This callback is invoked when data is received from the process's @stderr@ stream. The callback should have two parameters: the process handle, and the data.|
+|=^. @on_stdout@ | This callback is invoked when data is received from the process's @stdout@ stream. The callback should have two parameters: the process handle, and the data.|
+
+Sending data to the process is as simple as calling @puts@ on the process handle. If you don't want a newline appended to your data, use @write@ instead.
+
+Notice that, when sending a block to @#process.open@, you do not have to explicitly invoke @session.loop@. It is implicitly called at the end of the block. If you ever want to set up multiple processes to run in parallel, simply use @#process.open@ without a block. The process handle will be returned, and you will be required to execute @session.loop@ manually.
+
+For more information on the @#process.open@ service, see the API documentation for @Net::SSH::Service::Process::Open@.

data/doc/manual/parts/exec_popen3.txt

@@ -0,0 +1,35 @@
+The last approach to interacting with remote processes is the @#popen3@ method of @#process@ service. It is a _synchronous_ approach, meaning that each method call _may_ (potentially) block until data is received; you can't be using other features of the Net::SSH package while using it, but you don't have to mess with callbacks.
+
+If you are familiar with the "popen3" Ruby module, this will seem familiar. It's not a perfect clone of the "popen3" module's functionality, but it's close. What you do is you specify the process to invoke, and then you get three pseudo-IO objects back: the process's input stream, it's output stream, and it's error stream. You can write to the input stream to send data to the process, or read from the output and error streams. Reading from the output or error streams will block until data is available, which makes it very convenient for interacting with a single remote process.
+
+Here's the previous "bc" example, rewritten to use @#popen3@:
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+
+    input, output, error = session.process.popen3( "bc" )
+
+    [ "5+5", "7*12", "sqrt(2.000000)" ].each do |formula|
+      input.puts formula
+      puts "#{formula}=#{output.read}"
+    end
+
+    input.puts "quit"
+
+  end
+</pre>
+
+Much more concise, isn't it? One caveat, though: there is no way to kill the process (unless the process can terminate itself, such as through the use of issuing bc's "quit" command as used above) without closing the session. To remedy this, there is also a block version of popen3 that provides an explicit scope for the three data streams:
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+    session.process.popen3( "bc" ) do |input, output, error|
+      [ "5+5", "7*12", "sqrt(2.000000)" ].each do |formula|
+        input.puts formula
+        puts "#{formula}=#{output.read}"
+      end
+    end
+  end
+</pre>
+
+The three streams will be closed and process explicitly terminated when the block ends.

data/doc/manual/parts/forward_direct.txt

@@ -0,0 +1,37 @@
+Sometimes it might be nice to programmatically simulate a network connection on a local port and have it forwarded to the remote host. You can do this by means of the @#direct_channel@ method.
+
+The @#direct_channel@ method looks similar to @#local@: the first three parameters are the local port to simulate the connection from, and the remote host and port that the connection should be forwarded to. The fourth parameter, however, is a _handler_, an object that is used as a callback for a variety of different events.
+
+The handler for the @#direct_channel@ method may implement any of the following callbacks (all are optional, though you probably want to implement at least one or two of them):
+
+table(list).
+|_. Callback |_. Description |
+|=^. @confirm@ | This is invoked when the channel has been opened and the remote host has confirmed it. This accepts four parameters: the channel itself, the local port, remote host, and remote port. (In this way, the same handler may be used for multiple forward requests.)|
+|=^. @process@ | After the channel has been confirmed, this is invoked, to process the channel. This callback will be invoked in a new Thread, so that if your handler needs to listen to a socket and then send data received from it over the channel, it can do so without blocking the main loop. The callback accepts a single parameter, the channel handle itself.|
+|=^. @on_close@ | This is called when the channel over which this forwarded connection is being processed has been closed. The callback accepts a single parameter, the channel itself.|
+|=^. @on_eof@ | When the remote machine indicates it will send no more data, this callback will be invoked. It accepts a single parameter, the channel itself.|
+|=^. @on_receive@ | This is invoked when data is received from the remote machine. It accepts two parameters: the channel handle, and the data that was received.|
+
+For example, the following example pretends to be a client that has connected to the local host on a forwarded port:
+
+<pre>
+  class Handler
+    def on_receive( channel, data )
+      puts "got data: #{data.inspect}"
+      channel.send_data "subsequent request"
+    end
+
+    def process( channel )
+      channel.send_data "initial request"
+    end
+  end
+
+  Net::SSH.start( 'host' ) do |session|
+    session.forward.direct_channel( 1234, 'somewhere.else.net',
+      4321, Handler.new )
+
+    session.loop
+  end
+</pre>
+
+The local port number for @#direct_channel@ has no real purpose, other than to report to the SSH server that the "virtual" connection occurred on that port.

data/doc/manual/parts/forward_handlers.txt

@@ -0,0 +1,16 @@
+You can use handlers going in the other direction, too. If you want to programmatically process forwarded data from a remote host, you can use the @#remote@ method.  This takes two parameters, with an optional third parameter. The two required parameters are the handler to use, and the remote port that should be listened to. The optional parameter is the remote bind address, which defaults to '127.0.0.1'.
+
+(Incidentally, if the port is 0, a new port will be allocated for you automatically by the server.)
+
+Whenever connections are received on the remote port, they will be forwarded to the handler, which may implement the following callbacks:
+
+table(list).
+|_. Callback |_. Description |
+|=^. @error@ | This is invoked if the forward could not be initiated. It accepts a single parameter, which is the error message. |
+|=^. @on_close@ | This is invoked when the channel that was assigned to process this forwarded connection has been closed. The callback takes one parameter: the channel itself. |
+|=^. @on_eof@ | This is invoked when the remote end of the connection has promised not to send any more data. The local end of the channel may continue to send data, however. This callback takes on parameter: the channel itself.|
+|=^. @on_open@ | This is invoked when a new connection is received over the forwarded channel. It accepts five parameters: the channel object, the connected address, the connected port, the originator address, and the originator port. |
+|=^. @on_receive@ | This is invoked when data is received over the channel from the remote connection. It accepts two parameters: the channel object, and the data that was received. |
+|=^. @setup@ | This is invoked immediately after the forward request has been acknowledged as successful. It accepts a single parameter, which is the port that was assigned to this forward. If the port parameter to @#remote@ was not 0, then that same value will be passed to the callback. Otherwise, the newly allocated port number will be passed to the callback. |
+
+Note that the @on_receive@ handler is required--all other callbacks may remain unimplemented by the handler.

data/doc/manual/parts/forward_intro.txt

@@ -0,0 +1,18 @@
+Port forwarding is a feature of the SSH protocol that allows you to specify a port on one of the hosts, and have network connections on that port forwarded to a port on a different host, using the SSH connection as a proxy. There are basically two ways to use this forwarding:
+
+# A port on the local host is forwarded via the remote host to another machine. Any connection to the specified port will cause all subsequent data to be sent over the connection to the remote host, where it will then be forwarded to the requested destination host.
+# A port on the remote host is forwarded over the connection to the local host, and from there to (potentially) some other remote destination. Any connection to the specified port on the remote host is forwarded over the connection to the local host, which then makes a connection to the specified remote destination and sends the data there.
+
+All port forwarding in the Net::SSH library is managed by the @#forward@ service. Just invoke methods on that service to set up any of various port forwarding configurations.
+
+<pre>
+  Net::SSH.start( 'host' ) do |session|
+    forward = session.forward
+    ...
+    session.loop
+  end
+</pre>
+
+You can define any number of forwards before invoking the main loop, in which case all of those forwards will be handled transparently (and silently) in parallel, over the same connection. (Isn't SSH lovely?)
+
+Naturally, you can also have remote processes, SFTP sessions, and more all working at the same time on the connection.