Built-in ssh tunneling?

Is there any interest in integrating an ssh tunneling mechanism into syncthing? Most of my clients only have a single open port (ssh) that all traffic is encrypted and sent through. It is definitely possible to open a tunnel outside of syncthing and then point syncthing at the local port, but this is annoying because the tunnel has to be established separately, even when syncthing may be running.

I suppose that this could also be handled via systemd, which may make more sense if we want to avoid feature creep…make the syncthing daemon dependent on opening a specified ssh tunnel. Would users be more interested in built-in ssh tunneling functionality or handling it externally (and potentially automatically if syncthing were appropriately packaged for the distros)?

No, I don’t think this should be added to Syncthing.

This is definitely something to be solved with Systemd. Since you have multiple clients, the easiest thing for you may be to set up a recipe with Ansible or something (you may have one already for your common setup?). Make the effort once and enjoy the fruits for the foreseeable future.
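
The systemd approach discussed in this thread, sketched as an added example (not posted by any participant and not shipped by the Syncthing project). Assumptions: Syncthing runs as the user unit `syncthing.service` and listens on its default TCP port 22000 on the remote side; the unit name `syncthing-tunnel.service`, the account `tunnel@remote.example`, the key path and local port 22001 are placeholders.

```ini
# --- ~/.config/systemd/user/syncthing-tunnel.service (hypothetical name) ---
[Unit]
Description=SSH port forward to the remote Syncthing peer

[Service]
# -N: no remote command, forwarding only.
# The forward binds to loopback, so other hosts on the LAN cannot use it.
# ExitOnForwardFailure makes ssh exit if the local port cannot be bound,
# so systemd sees the failure instead of an idle, useless session.
# BatchMode prevents an interactive prompt from hanging the unit.
# StrictHostKeyChecking=yes refuses unknown or changed host keys; the
# host key must already be in known_hosts.
ExecStart=/usr/bin/ssh -N \
    -L 127.0.0.1:22001:127.0.0.1:22000 \
    -i %h/.ssh/syncthing_tunnel_ed25519 \
    -o IdentitiesOnly=yes \
    -o BatchMode=yes \
    -o ExitOnForwardFailure=yes \
    -o StrictHostKeyChecking=yes \
    -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=3 \
    tunnel@remote.example
# Re-establish the tunnel whenever ssh exits (network drop, server reboot).
Restart=always
RestartSec=10

[Install]
WantedBy=default.target

# --- ~/.config/systemd/user/syncthing.service.d/tunnel.conf (drop-in) ---
[Unit]
# Requires= pulls the tunnel in whenever Syncthing is started;
# After= orders Syncthing's start behind the tunnel unit.
Requires=syncthing-tunnel.service
After=syncthing-tunnel.service
```

After `systemctl --user daemon-reload`, the remote device's address in Syncthing is set to `tcp://127.0.0.1:22001`. Because the ssh service is `Type=simple`, systemd counts it as started before the forward is actually up; Syncthing's own connection retries cover that gap.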