diff --git a/callback.py b/callback.py
new file mode 100644
index 00000000..1bf5545a
--- /dev/null
+++ b/callback.py
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# 2013 Nico Schottelius (nico-cdist at schottelius.org)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see .
+#
+#
+
+import os
+
+# SSH_CLIENT and SSH_CONNECTION available
+src_ip = os.environ['SSH_CLIENT'].split()[0]
+
+print("Plain version: Connecting back to %s" % src_ip)
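Review bot: `src_ip = os.environ['SSH_CLIENT'].split()[0]` runs at module level with no guard, so starting the script outside an sshd session ends in a bare `KeyError` traceback. Reading it with `ssh_client = os.environ.get('SSH_CLIENT')` and exiting with a clear message when it is unset or empty would make that failure explicit. The value is also only the TCP peer address sshd saw: behind NAT or a jump host it names the gateway rather than the target host, and it is not tied to the key that authenticated. If this address is later used to decide which host gets configured, that choice should come from the authenticated identity (for example a per-key forced command) rather than from the peer address alone. The existing comment could say so, e.g. `# SSH_CLIENT is "<peer ip> <peer port> <server port>" as seen by sshd; peer ip may be a NAT/jump host`.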
diff --git a/docs/dev/logs/2013-05-04.ssh b/docs/dev/logs/2013-05-04.ssh
new file mode 100644
index 00000000..176e5b62
--- /dev/null
+++ b/docs/dev/logs/2013-05-04.ssh
@@ -0,0 +1,340 @@
+- analysis of ssh connections for callback
+ SSH_CLIENT='::1 38502 22'
+ SSH_CONNECTION='::1 38502 ::1 22'
+
+ -> callback possible to source host
+
+
+
+[ target host ] <--------------|
+ | |
+ | |
+ | |
+ | trigger | configuration
+ | |
+ v |
+[ configuration host ] ----|
+
+
+- dynamic port allocation for tunneling
+
+ [1:37] bento:~% ssh -R 0:localhost:22 localhost
+ Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
+ Allocated port 53161 for remote forward to localhost:22
+
+ SSH_AUTH_SOCK=/tmp/ssh-zDCWbUVcUK/agent.30749
+ SSH_CLIENT='::1 38587 22'
+ SSH_CONNECTION='::1 38587 ::1 22'
+ SSH_TTY=/dev/pts/21
+
+
+- ssh_config:
+ DynamicForward
+ LocalForward
+ RemoteForward
+
+- testing
+
+[1:52] bento:cdist% netstat -anp | grep 56844
+(Not all processes could be identified, non-owned process info
+ will not be shown, you would have to be root to see it all.)
+tcp 0 0 127.0.0.1:56844 0.0.0.0:* LISTEN -
+tcp6 0 0 ::1:56844 :::* LISTEN -
+[1:53] bento:cdist%
+
+
+[1:48] bento:~% ssh -R 0:localhost:22 localhost
+Allocated port 56844 for remote forward to localhost:22
+...
+
+- chatting
+
+01:42 -!- Irssi: Join to #openssh was synced in 0 secs
+01:42 < telmich> good evening
+01:43 < telmich> I am trying to make use of remote port forwarding using dynamic port
+ allocation (port=0) -- I am wondering if there is an easy way to
+ access the port number on the remote side easily?
+01:44 < telmich> background for this question is: I'd like to allow various clients to
+ login to a configuration server, which then configures the clients by
+ using the tunnel the client provides for the server to ssh back into
+02:07 < BasketCase> telmich: afaik you need to use a tool like ss/netstat/lsof to see what port it has open
+
+- ssh debug
+
+[11:37] bento:~% ssh -R 0:localhost:22 localhost
+Allocated port 33562 for remote forward to localhost:22
+
+ .. . .x+=:. s
+ dF @88> z` ^% :8
+ '88bu. %8P . server aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
+debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com zlib@openssh.com [preauth]
+debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
+debug1: SSH2_MSG_NEWKEYS sent [preauth]
+debug1: expecting SSH2_MSG_NEWKEYS [preauth]
+debug1: SSH2_MSG_NEWKEYS received [preauth]
+debug1: KEX done [preauth]
+debug1: userauth-request for user root service ssh-connection method none [preauth]
+debug1: attempt 0 failures 0 [preauth]
+debug1: PAM: initializing for "root"
+debug1: PAM: setting PAM_RHOST to "localhost.localdomain"
+debug1: PAM: setting PAM_TTY to "ssh"
+debug1: userauth-request for user root service ssh-connection method publickey [preauth]
+debug1: attempt 1 failures 0 [preauth]
+debug1: test whether pkalg/pkblob are acceptable [preauth]
+debug1: temporarily_use_uid: 0/0 (e=0/0)
+debug1: trying public key file /root/.ssh/authorized_keys
+debug1: fd 4 clearing O_NONBLOCK
+debug1: matching key found: file /root/.ssh/authorized_keys, line 2
+Found matching RSA key: 2e:1b:3f:10:01:1d:21:6c:6c:1e:3d:a9:33:ba:3c:f7
+debug1: restore_uid: 0/0
+Postponed publickey for root from ::1 port 57848 ssh2 [preauth]
+debug1: userauth-request for user root service ssh-connection method publickey [preauth]
+debug1: attempt 2 failures 0 [preauth]
+debug1: temporarily_use_uid: 0/0 (e=0/0)
+debug1: trying public key file /root/.ssh/authorized_keys
+debug1: fd 4 clearing O_NONBLOCK
+debug1: matching key found: file /root/.ssh/authorized_keys, line 2
+Found matching RSA key: 2e:1b:3f:10:01:1d:21:6c:6c:1e:3d:a9:33:ba:3c:f7
+debug1: restore_uid: 0/0
+debug1: ssh_rsa_verify: signature correct
+debug1: do_pam_account: called
+Accepted publickey for root from ::1 port 57848 ssh2
+debug1: monitor_child_preauth: root has been authenticated by privileged process
+debug1: Enabling compression at level 6. [preauth]
+debug1: monitor_read_log: child log fd closed
+debug1: PAM: establishing credentials
+debug1: Entering interactive session for SSH2.
+debug1: server_init_dispatch_20
+debug1: server_input_global_request: rtype tcpip-forward want_reply 1
+debug1: server_input_global_request: tcpip-forward listen localhost port 0
+debug1: Local forwarding listening on ::1 port 0.
+debug1: Allocated listen port 33562
+debug1: channel 0: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 33562.
+debug1: channel 1: new [port listener]
+debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
+debug1: input_session_request
+debug1: channel 2: new [server-session]
+debug1: session_new: session 0
+debug1: session_open: channel 2
+debug1: session_open: session 0: link with channel 2
+debug1: server_input_channel_open: confirm session
+debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
+debug1: server_input_channel_req: channel 2 request auth-agent-req@openssh.com reply 0
+debug1: session_by_channel: session 0 channel 2
+debug1: session_input_channel_req: session 0 req auth-agent-req@openssh.com
+debug1: temporarily_use_uid: 0/0 (e=0/0)
+debug1: restore_uid: 0/0
+debug1: channel 3: new [auth socket]
+debug1: server_input_channel_req: channel 2 request pty-req reply 1
+debug1: session_by_channel: session 0 channel 2
+debug1: session_input_channel_req: session 0 req pty-req
+debug1: Allocating pty.
+debug1: session_pty_req: session 0 alloc /dev/pts/32
+debug1: server_input_channel_req: channel 2 request shell reply 1
+debug1: session_by_channel: session 0 channel 2
+debug1: session_input_channel_req: session 0 req shell
+debug1: Setting controlling tty using TIOCSCTTY.
+
+--------------------------------------------------------------------------------
+debug1: server_input_global_request: rtype tcpip-forward want_reply 1
+debug1: server_input_global_request: tcpip-forward listen localhost port 0
+debug1: Local forwarding listening on ::1 port 0.
+debug1: Allocated listen port 33562
+debug1: channel 0: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 33562.
+
+[11:49] bento:openssh-6.2p1% grep "Allocated listen port" -r .
+./channels.c: debug("Allocated listen port %d",
+[11:49] bento:openssh-6.2p1%
+
+
+--------------------------------------------------------------------------------
+[11:54] bento:~% ssh -R 0:localhost:22 -R 0:192.168.1.1:33 localhost
+Allocated port 48392 for remote forward to localhost:22
+Allocated port 37515 for remote forward to 192.168.1.1:33
+
+
+
+
+debug1: server_input_global_request: rtype tcpip-forward want_reply 1
+debug1: server_input_global_request: tcpip-forward listen localhost port 0
+debug1: Local forwarding listening on ::1 port 0.
+debug1: Allocated listen port 48392
+debug1: channel 0: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 48392.
+debug1: channel 1: new [port listener]
+debug1: server_input_global_request: rtype tcpip-forward want_reply 1
+debug1: server_input_global_request: tcpip-forward listen localhost port 0
+debug1: Local forwarding listening on ::1 port 0.
+debug1: Allocated listen port 37515
+debug1: channel 2: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 37515.
+debug1: channel 3: new [port listener]
+debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
+debug1: input_session_request
+debug1: channel 4: new [server-session]
+debug1: session_new: session 0
+debug1: session_open: channel 4
+debug1: session_open: session 0: link with channel 4
+
+debug1: Local forwarding listening on ::1 port 5555.
+debug1: channel 0: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 5555.
+debug1: channel 1: new [port listener]
+debug1: server_input_global_request: rtype tcpip-forward want_reply 1
+debug1: server_input_global_request: tcpip-forward listen localhost port 4444
+debug1: Local forwarding listening on ::1 port 4444.
+debug1: channel 2: new [port listener]
+debug1: Local forwarding listening on 127.0.0.1 port 4444.
+debug1: channel 3: new [port listener]
+debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
+debug1: input_session_request
+debug1: channel 4: new [server-session]
+debug1: session_new: session 0
+debug1: session_open: channel 4
+
+--------------------------------------------------------------------------------
+
+[12:06] bento:openssh-6.2p1% grep SSH_CONNECTION -r *
+audit-bsm.c: case SSH_CONNECTION_CLOSE:
+audit.c: {SSH_CONNECTION_CLOSE, "CONNECTION_CLOSE"},
+audit.c: {SSH_CONNECTION_ABANDON, "CONNECTION_ABANDON"},
+audit.h: SSH_CONNECTION_CLOSE, /* closed after attempting auth or session */
+audit.h: SSH_CONNECTION_ABANDON, /* closed without completing auth */
+audit-linux.c: case SSH_CONNECTION_CLOSE:
+monitor.c: case SSH_CONNECTION_CLOSE:
+regress/proxy-connect.sh: SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
+regress/proxy-connect.sh: if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+regress/proxy-connect.sh: fail "bad SSH_CONNECTION"
+session.c: child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
+sftp-server.c: if ((cp = getenv("SSH_CONNECTION")) != NULL) {
+sftp-server.c: error("Malformed SSH_CONNECTION variable: \"%s\"",
+sftp-server.c: getenv("SSH_CONNECTION"));
+ssh.0: SSH_CONNECTION Identifies the client and server ends of the
+ssh.1:.It Ev SSH_CONNECTION
+sshd.c: PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+sshd.c: audit_event(SSH_CONNECTION_ABANDON);
+[12:06] bento:openssh-6.2p1%
+
+--------------------------------------------------------------------------------
+debug1: Remote connections from LOCALHOST:5555 forwarded to local address localhost:22
+
+--------------------------------------------------------------------------------
+[12:42] bento:openssh-6.2p1% grep tcpip-forward *
+channels.c: packet_put_cstring("tcpip-forward");
+channels.c: packet_put_cstring("cancel-tcpip-forward");
+Binary file channels.o matches
+grep: contrib: Is a directory
+Binary file libssh.a matches
+grep: openbsd-compat: Is a directory
+grep: regress: Is a directory
+grep: scard: Is a directory
+serverloop.c: if (strcmp(rtype, "tcpip-forward") == 0) {
+serverloop.c: debug("server_input_global_request: tcpip-forward listen %s port %d",
+serverloop.c: } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
+serverloop.c: debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
+Binary file serverloop.o matches
+Binary file ssh matches
+Binary file sshd matches
+Binary file ssh-keyscan matches
+Binary file ssh-keysign matches
+[12:42] bento:openssh-6.2p1%
+
+--------------------------------------------------------------------------------
+Channel information for (remote) forwarding:
+
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
+ c->path = xstrdup(host);
+ c->host_port = port_to_connect;
+ c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
+ if (listen_port == 0 && allocated_listen_port != NULL &&
+ !(datafellows & SSH_BUG_DYNAMIC_RPORT))
+ c->listening_port = *allocated_listen_port;
+ else
+ c->listening_port = listen_port;
+
+--------------------------------------------------------------------------------
+
+Code handling remote forwarding in the client:
+- ssh_init_forwarding
+ - channel_request_remote_forwarding
+ Sends hostname + port for ssh1 only - not send in ssh2
+
+Code handling forwarding / listening in the server:
+
+- channel_new: creates channels, 2 per listener (ipv4/ipv6)
+ - channels_alloc contains number of channels
+- server_input_global_request
+ Reads only listen port, not hostname/port to connect to
+ - channel_setup_remote_fwd_listener
+ - channel_setup_remote_fwd_listener
+
+Code handling environment variables:
+
+- child_set_env
+1236 child_set_env(&env, &envsize, "SSH_CONNECTION", buf);
+
diff --git a/docs/dev/logs/2013-05-17.ssh-callback-socat b/docs/dev/logs/2013-05-17.ssh-callback-socat
new file mode 100644
index 00000000..69428309
--- /dev/null
+++ b/docs/dev/logs/2013-05-17.ssh-callback-socat
@@ -0,0 +1,40 @@
+
+start ssh
+to controlhost,
+bind other side to
+localhost:22
+
+
+targethost ------> ssh ------> controlhost
+ |
+ |
+ socat: connect stdin/stdout to ?
+ start cdist with port information
+ added
+
+
+Use
+
+socat
+
+
+--------------------------------------------------------------------------------
+ TCP::
+ Connects to [TCP service] on [IP address] using TCP/IP version 4 or 6 depending on address specifiā
+ cation, name resolution, or option pf.
+ Option groups: FD,SOCKET,IP4,IP6,TCP,RETRY
+ Useful options: crnl, bind, pf, connect-timeout, tos, mtudiscover, mss, nodelay, nonblock, sourceport, retry,
+ readbytes
+ See also: TCP4, TCP6, TCP-LISTEN, UDP, SCTP-CONNECT, UNIX-CONNECT
+
+forever
+--------------------------------------------------------------------------------
+[root@nico-dev-vm-snr01 yum.repos.d]# ps aux | grep socat
+nico 25035 0.0 0.0 41640 1524 ? Ss 13:27 0:00 socat - TCP-LISTEN:1234
+root 25037 0.0 0.0 103240 836 pts/1 S+ 13:27 0:00 grep socat
+[root@nico-dev-vm-snr01 yum.repos.d]#
+
+
+
+--------------------------------------------------------------------------------
+