[Bug 1572] accept SOCKS requests over the mux socket in master mode

bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 13 03:12:15 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1572





--- Comment #4 from Salvador Fandiño <sfandino at yahoo.com>  2009-03-13 03:12:15 ---
Created an attachment (id=1616)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1616)
use UNIX domain sockets instead of INET for tunnel listeners, proof of
concept

Following the discussion on openssh-unix-dev at mindrot.org, the new patch
attached uses a different UNIX socket instead of reusing the
multiplexer one.

Now, it is possible to run...

  $ ssh -D/tmp/foo my.host.com -N

and also...

  $ ssh -L/tmp/bar:remote.host.com:22 -N


For instance, now, this works:

  $ ssh -L/tmp/listener:mandeo:22 10.0.2.2 -N -f
  $ ssh -o ProxyCommand="socat STDIO UNIX-CONNECT:/tmp/listener" mandeo


A "port" is parsed as a UNIX path when it contains a slash.

Unfortunately, slashes already had a meaning in tunnel specifications
as they were used with IPv6 addresses. I had to remove that feature in
order to implement mine... I know this is a bad idea, but this is just
a proof of concept so, forgive me!

I can see two solutions for that:

1) use a different set of flags:

 $ ssh -E/tmp/foo ...                 # instead of -D
 $ ssh -K/tmp/bar:my.host.com:22 ...  # instead of -L

It still doesn't play well with IPv6 addresses, as parsing (and writing)
things like...

 $ ssh -K/tmp/bar:::1/22

correctly can be quite tricky.


2) use some kind of special quoting

 $ ssh -D'</tmp/foo>' ...

I like it, but it has the inconvenience of <> needing quoting for the
shell. {} and () are also processed by the shell.

{} is probably the least problematic as it will not be modified by the
shell unless some comma is found inside, something unusual for file
names.


Personally, I would go for -D{/tmp/foo}

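The brace quoting proposed in the comment above, sketched as an added example (not code from the attached patch or from OpenSSH): a parser for the listener field only, showing that a `{path}` listener stays unambiguous next to the slash-separated form used with IPv6 addresses. The names `parse_listener`, `struct listen_spec` and `take_sep`, and the choice to accept both `:` and `/` as the field separator, are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <sys/un.h>

enum listen_kind { LISTEN_INVALID, LISTEN_TCP, LISTEN_UNIX };

struct listen_spec {
    enum listen_kind kind;
    char path[sizeof(((struct sockaddr_un *)0)->sun_path)]; /* LISTEN_UNIX */
    int port;                                               /* LISTEN_TCP */
    const char *rest;   /* text after the listener field, NULL if none */
};

/* Accept end of string or exactly one field separator (':' or '/'). */
static int take_sep(const char *p, struct listen_spec *out)
{
    if (*p == '\0') { out->rest = NULL; return 1; }
    if (*p != ':' && *p != '/') return 0;
    out->rest = p + 1;
    return 1;
}

/* Hypothetical parser for the first field of a -D/-L argument. */
enum listen_kind parse_listener(const char *spec, struct listen_spec *out)
{
    memset(out, 0, sizeof(*out));
    if (spec[0] == '{') {
        /* Everything up to the closing brace is the path, slashes included. */
        const char *close = strchr(spec + 1, '}');
        size_t len = close ? (size_t)(close - (spec + 1)) : 0;
        /* Reject unterminated, empty, or longer-than-sun_path names. */
        if (close == NULL || len == 0 || len >= sizeof(out->path))
            return LISTEN_INVALID;
        memcpy(out->path, spec + 1, len);   /* buffer already zeroed */
        if (!take_sep(close + 1, out))
            return LISTEN_INVALID;
        return out->kind = LISTEN_UNIX;
    }
    if (!isdigit((unsigned char)spec[0]))
        return LISTEN_INVALID;
    char *end;
    long port = strtol(spec, &end, 10);
    if (port < 1 || port > 65535 || !take_sep(end, out))
        return LISTEN_INVALID;
    out->port = (int)port;
    return out->kind = LISTEN_TCP;
}
```

With this, `{/tmp/bar}:::1/22` yields the path `/tmp/bar` and leaves `::1/22` for the existing host/port parsing, while `8080/::1/22` still parses as a TCP listener.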