ssh port forwarding would be easy to add.

it's not implemented on the server
because for non-plan9 clients, it's
hard to keep the access restricted to
the user who dialed.  at best forwarding
is restricted to the machine that user
is on, and at worst (the behavior of the
historical unix ssh clients) restricted to any machine
that is network-connected to the user's machine.