[Bug 1572] accept SOCKS requests over the mux socket in master mode
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 13 03:12:15 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1572
--- Comment #4 from Salvador Fandiño <sfandino at yahoo.com> 2009-03-13 03:12:15 ---
Created an attachment (id=1616)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1616)
use UNIX domain sockets instead of INET for tunnel listeners, proof of
concept
Following the discussion on openssh-unix-dev at mindrot.org, the new patch
attached uses a different UNIX socket instead of reusing the
multiplexer one.
Now, it is possible to run...
$ ssh -D/tmp/foo my.host.com -N
and also...
$ ssh -L/tmp/bar:remote.host.com:22 -N
For instance, now, this works:
$ ssh -L/tmp/listener:mandeo:22 10.0.2.2 -N -f
$ ssh -o ProxyCommand="socat STDIO UNIX-CONNECT:/tmp/listener" mandeo
A "port" is parsed as a UNIX path when it contains some slash.
Unfortunately, slashes already had a meaning on tunnel specifications
as they were used with IPv6 addresses. I had to remove that feature in
order to implement mine... I know this is a bad idea, but this is just
a proof of concept so, forgive me!
I can see two solutions for that:
1) use a different set of flags:
$ ssh -E/tmp/foo ... # instead of -D
$ ssh -K/tmp/bar:my.host.com:22 ... # instead of -L
it still doesn't play well with IPv6 addresses as parsing (and writing)
things like...
$ ssh -K/tmp/bar:::1/22
correctly can be quite tricky.
2) use some kind of special quoting
$ ssh -D'</tmp/foo>' ...
I like it, but it has the inconvenience of <> needing quoting for the
shell. {} and () are also processed by the shell.
{} is probably the least problematic as it will not be modified by the
shell unless some comma is found inside, something unusual for file
names.
Personally, I would go for -D{/tmp/foo}
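
An added example, not part of the comment above, of attachment 1616, or of OpenSSH: a sketch of how a listener field could be split off a forward spec under the {path} quoting proposal, so that slashes inside the path no longer collide with the slash-separated IPv6 form. parse_listen and the listen_kind enum are hypothetical names, and it is assumed the unquoted field is a bare decimal port with no bind address.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/un.h>

enum listen_kind { LISTEN_ERR, LISTEN_PORT, LISTEN_UNIX };
/* Hypothetical helper, not OpenSSH code: split off the listener field.
 * On success out holds the path or port text, *rest the remaining spec. */
static enum listen_kind
parse_listen(const char *spec, char *out, size_t outlen, const char **rest)
{
	const char *start = spec, *tail;
	enum listen_kind kind;
	size_t n;
	if (spec[0] == '{') {
		/* Quoted: bytes up to '}' are the path; it must fit sun_path plus NUL. */
		start = spec + 1;
		if ((tail = strchr(start, '}')) == NULL)
			return LISTEN_ERR;
		n = (size_t)(tail - start);
		if (n == 0 || n >= sizeof(((struct sockaddr_un *)0)->sun_path))
			return LISTEN_ERR;
		tail++;
		kind = LISTEN_UNIX;
	} else {
		/* Unquoted: digits only, so '/' stays free as a separator. */
		n = strspn(spec, "0123456789");
		if (n == 0 || n > 5 || atoi(spec) < 1 || atoi(spec) > 65535)
			return LISTEN_ERR;
		tail = spec + n;
		kind = LISTEN_PORT;
	}
	/* The field ends the spec (as with -D) or is followed by ':' or '/'. */
	if ((*tail != '\0' && *tail != ':' && *tail != '/') || n >= outlen)
		return LISTEN_ERR;
	memcpy(out, start, n);
	out[n] = '\0';
	*rest = (*tail == '\0') ? tail : tail + 1;
	return kind;
}

int main(void)
{
	char f[128] = "";
	const char *r = "";
	int k = parse_listen("{/tmp/bar}:::1/22", f, sizeof(f), &r); /* constructed spec */
	printf("kind=%d field=%s rest=%s\n", k, f, r);
	return 0;
}
```

An unquoted path such as /tmp/bar:::1/22 is rejected here rather than guessed at, which is the behaviour that leaves the existing slash syntax untouched.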