[Bug 1572] accept SOCKS requests over the mux socket in master mode

bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 13 02:27:49 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1572





--- Comment #3 from Salvador Fandiño <sfandino at yahoo.com>  2009-03-13 02:27:48 ---
Discussion about this feature taking place in
openssh-unix-dev at mindrot.org

On Mar 11, 2009, at 1:21 PM, Jim Knoble wrote:

> > Circa 2009-03-11 10:27 dixit Ben Lindstrom:
> >
> > : I'm concerned that people will become confused since -M -S combo has
> > : been reserved for multiple ssh terminal sessions over a single
> > : tunnel.  I'd rather see it more clear like:
> > :
> > : ssh -D -M -S /tmp/mux 172.20.3.12 -N -f   if you want multiple tunnels
> > : + SOCK support
> > : ssh -D -S /tmp/mux  .. if you just want SOCKS support instead of a PORT
> > :
> > : Which means an error needs to be thrown on
> > :
> > : ssh -Dxxx  -S xxxx
> >
> > The above means that you can't separate permissions for the mux socket
> > and the SOCKS socket.
> >
> > Better to create a dedicated SOCKS socket, no?
> >
> >  ssh -D /tmp/ssh-socks-socket ...
> >
> > That is, '-D' may accept either an IP address or a filesystem path.
> > Reserve '-S' for use with multiplexing sockets.  This way, one can:
> >
> >  ssh -D /tmp/ssh-socks-socket -M -S /tmp/ssh-mux-socket ...
> >
> > and allow more than one user to use the SOCKS connection while keeping
> > the mux socket more private.
> >
> > This also makes the '-D' syntax consistent and sensible.
> >

That works for me.   I just found the mutation and corruption of -M -S  
to be a bit dodgy when we already have a -D that is clearly tagged as  
being a socks4/5 server functionality flag.

- Ben
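
The permission argument in the thread, as an added example (not code from OpenSSH or from the participants): two separate Unix-domain sockets can carry different access modes, while a single shared socket cannot. The socket file names are taken from the thread; the function names and the 0600/0660 modes are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

def make_listener(path, mode):
    """Bind a listening AF_UNIX socket at path, then set its mode bits (hypothetical helper)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)  # create owner-only first so the socket is never briefly wider
    try:
        srv.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)
    srv.listen(1)
    return srv

def audit(path, allow_group):
    """Return findings for one socket; on Linux, connect() needs write permission on the file."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a socket"]
    perms = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != os.getuid():
        findings.append("not owned by current user")
    if perms & 0o007:
        findings.append("accessible to other users")
    if perms & 0o070 and not allow_group:
        findings.append("accessible to group")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as d:
        mux = os.path.join(d, "ssh-mux-socket")      # assumed policy: owner only
        socks = os.path.join(d, "ssh-socks-socket")  # assumed policy: owner and group
        listeners = [make_listener(mux, 0o600), make_listener(socks, 0o660)]
        try:
            results = {"split_mux": audit(mux, allow_group=False),
                       "split_socks": audit(socks, allow_group=True)}
            # Single-socket case: widening it for SOCKS users also exposes mux control.
            os.chmod(mux, 0o660)
            results["shared"] = audit(mux, allow_group=False)
        finally:
            for s in listeners:
                s.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Some systems ignore the mode bits on the socket file itself, so a portable deployment also restricts the directory that contains each socket.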
