This is a resubmission, incorporating suggestions to move the nested
tasks into a nested <sequential> element, and to lower-case any
documentation references to nested elements <remotetunnel> and
<localtunnel>.  The original task description follows:

Sshsession is a container task which establishes an SSH connection,
and optionally any number of local or remote tunnels over that connection,
then executes any nested tasks before taking down the connection.

My purpose in writing it is that we use cvs, and secure all access by only
allowing cvs connections from localhost, which are tunneled over SSH
connections.  Establishing those connections is the only manual step in an
otherwise automated build process.  

While I could use exec to issue the putty command (this is done on  
windoze) conditionally if a server is not already accessible at localhost
port 2401, it gets more complicated with a passphrase on the keypair being
used.
 
Furthermore, there was no way to ensure that an existing connection is the
connection we should be using, and no way to bring the connection down
once we are done with it.
 
So I wrote SSHSession, extending SSHBase, and implementing TaskContainer.
The TaskContainer implementation is lifted directly from Sequential, and
the remainder is adapted from SSHExec, though all the command execution
related properties and logic were removed.  I added support for defining
the tunnels via properties and/or nested elements.  I only needed local
port forwarding, but added remote port forwarding for completeness.  

Using SSHSession with a local tunnel (2401:localhost:2401) and nested CVS
commands does exactly what we need.  Other uses could involve anything
needing to make a TCP connection to a server not otherwise accessible
through a firewall, e.g. HTTP <get>, SMTP <mail>, JDBC <sql>...

Because I've utilized the existing authentication and connection logic
from SSHExec and SSHBase, the new task is as reliable in that regard as
SSHExec. I've personally tested only the keypair with passphrase method of
authentication, but I tested both local and remote port forwarding.
I have no server setup to accomodate testing the other authentication
options.

In the attached tgz of an svn diff, please find SSHSession.java,  
sshsession.html, and mods to defaults.properties and optionaltasklist.html

--------------------------------------------------------
David S. Johnson
 
"Oh scholar, if your scholarship benefits not Mankind,
you deserve not admiration but contempt." -- Kahlil Gibran