SSH Tunnel manager is a great GUI for SSH tunneling for OS X. If there was a way to disable ports when not tunnelled, that would be stupendously useful (I’m thinking about in conference situations, when you have say an overly aggressive chat client)…
For Windows, I tried pTunnel, but for some reason it didn’t work. Putty works, of course, although it’d be nice to not have to have a running shell in the taskbar/screen.
— Bothered enough by the last thought that I talked w/ a few people about it. I initially started by thinking about laptop wakeup scripts, but that doesn’t solve collapsing tunnels and still doesn’t insure stuff going out encrypted. Cal suggested a firewall level solution, which I think is on the right track. A 90% solution (and one that’ll definitely solve the chat client problem) is to drop outgoing packets on the tunnel ports for everything but the SSH tunneling server. The other 10%, cleartext communication to the tunneling server shouldn’t happen if you can use secure communications (HTTPS, IMAP-SSL, SMTP-AUTH). The 100% solution is to write firewall rules to pass all data through a local proxy/daemon that will do packet analysis to make sure that there’s no plaintext (basically running everything through ethereal/ettercap. Sure you’ll take a performance hit, but for conferences/other insecure locations, it’s much better than the alternative) — actually, it’d probably be possible/easier to simply be a tunnel manager that will make sure that tunnels are up…