I'm wanting to create an SSH tunnel to use for talking securely with a remote legacy application, but I don't want other local applications to be able to use it. Is this possible with Python and/or Ruby, perhaps using an in-memory handle to the tunnel that can be written to and read from like a normal socket handle?
Latest versions of OpenSSH support the -W flag to connect stdio to a remote TCP port:

    ssh ssh_host -W host:port

I don't know about Python or Ruby, but in Perl you can easily use this feature with Net::OpenSSH. For instance:
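
    use strict;
    use warnings;
    use Net::OpenSSH;

    my $host = 'ssh_host';    # SSH server that relays the connection
    my $ssh  = Net::OpenSSH->new($host);
    $ssh->error and die "SSH connection failed: " . $ssh->error;

    # tunnel => 1 connects the command's stdio to www.google.com:80 via the SSH server
    my $out = $ssh->capture({ tunnel     => 1,
                              stdin_data => "GET / HTTP/1.0\n\n" },
                            'www.google.com', 80);
    print $out;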
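
The same `-W` approach in Python, which the question asked about, as an added example that is not part of the original answer: the child `ssh` process is reached only through this process's own pipes, so no local listening port exists for other applications to connect to. The names `tunnel_argv` and `exchange`, the host allow-list, and the echo stand-in used for the offline demo are assumptions of this sketch.

```python
import re
import subprocess
import sys

# Conservative allow-list (an assumption of this example): no leading "-",
# so a hostile value cannot be parsed by ssh as an option.
_SAFE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.@-]*$")


def tunnel_argv(ssh_host, target_host, target_port):
    """Build the argv for `ssh ssh_host -W host:port` without using a shell."""
    for value in (ssh_host, target_host):
        if not _SAFE.match(value):
            raise ValueError(f"refusing suspicious host value: {value!r}")
    port = int(target_port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    # BatchMode makes ssh fail instead of prompting on our pipes.
    return ["ssh", "-o", "BatchMode=yes",
            "-W", f"{target_host}:{port}", "--", ssh_host]


def exchange(argv, request, timeout=30):
    """Send `request` down the child's stdin and return everything it writes back.

    The only handles to the tunnel are this process's pipes to the child;
    ssh -W opens no listening socket on the local machine.
    """
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, close_fds=True)
    try:
        out, _ = proc.communicate(request, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()
        raise
    if proc.returncode != 0:
        raise RuntimeError(f"tunnel command exited with {proc.returncode}")
    return out


if __name__ == "__main__":
    # Offline stand-in for ssh (constructed): a child that echoes stdin back.
    echo = [sys.executable, "-c",
            "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read())"]
    print(exchange(echo, b"GET / HTTP/1.0\r\n\r\n"))
    print(tunnel_argv("ssh_host", "www.google.com", 80))
```

For a real connection, pass the result of `tunnel_argv(...)` to `exchange(...)`; key-based authentication has to be in place already because `BatchMode=yes` disables password prompts.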