[Bug 1572] accept SOCKS requests over the mux socket in master mode
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 13 09:34:36 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1572
Jim Knoble <jmknoble at pobox.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jmknoble at pobox.com
--- Comment #5 from Jim Knoble <jmknoble at pobox.com> 2009-03-13 09:34:35 ---
Circa 2009-03-12 11:22 dixit Salvador Fandino:
: > From: Jim Knoble <jmknoble at pobox.com>
: > Sent: Wednesday, March 11, 2009 7:21:54 PM
: >
: > ssh -D /tmp/ssh-socks-socket ...
:
: I have attached a new patch to the request at...
:
: https://bugzilla.mindrot.org/show_bug.cgi?id=1572
:
: doing just that.
:
: There is a problem with it and is that slashes already have a special
: meaning on tunnel specifications, they are used with IPv6 addresses.

The syntax you're speaking of is (from ssh(1)):

    IPv6 addresses can be specified with an alternative syntax:
    [bind_address/]port/host/hostport
    or by enclosing the address in square brackets.

There's a key difference between that syntax and the Unix-domain socket
path: The leading slash of an absolute path. That is:

    # Listen on IPv6 address ::1 on port 2222, forward across the
    # ssh link to address ::1, port 22
    ssh -L ::1/2222/::1/22

    # Listen on a Unix domain socket at /tmp/my-ssh-forward-sock, and
    # forward across the ssh link to address 127.0.0.1, port 22
    ssh -L /tmp/my-ssh-forward-sock:127.0.0.1:22

    # Listen on a Unix domain socket at /tmp/my-ssh-forward-sock, and
    # forward across the ssh link to address ::1, port 22
    # TODO: Does this work: -L [::1]:2222:[::1]:22
    ssh -L /tmp/my-ssh-forward-sock:[::1]:22

    # Syntax error (too many ':')
    ssh -L /::1/2222/::1/22

In words: If the first character of the argument to -L is '/', it's a
filesystem path, and ':' is required to be the sub-argument separator.
Remote IPv6 addresses must be enclosed in square brackets. Otherwise,
the syntax is the same as before.

Are there plans to implement domain sockets for '-R'? If so:

    # Listen on the remote address ::1 on port 2222, forward back across
    # the ssh link to address ::1, port 22
    ssh -R ::1/2222/::1/22

    # Listen on the remote address 127.0.0.1 on port 2222, forward back
    # across the ssh link to the socket at /tmp/my-service-sock on the
    # host ssh is running on
    ssh -R 127.0.0.1:2222:/tmp/my-service-sock

    # Listen on the remote address ::1 on port 2222, forward back across
    # the ssh link to the socket at /tmp/my-service-sock on the host ssh
    # is running on
    ssh -R [::1]:2222:/tmp/my-service-sock

    # Syntax error (probably produces either "tmp: host not found" or
    # "my-service-sock: unknown port")
    ssh -R ::1/2222/tmp/my-service-sock

In words, if '/' is used as the subargument separator, then Unix domain
sockets cannot be specified. If ':' is used, remote IPv6 addresses
must be specified in square brackets, and if the first character of the
"local" host specification is '/', then it's a Unix domain socket.

If you want Unix domain sockets to be used with -L or -R on the remote
end as well, that works the same as above, only with -L and -R
reversed.

To forward between Unix domain sockets on both ends, you get:

    ssh -L /tmp/ssh-forward-sock:/tmp/my-service-sock

(I.e., only 2 subarguments, separated by ':'). Same for -R. Obviously,
sshd would have to be patched to support that.

Anything I missed, for -L or -R?
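
The disambiguation rules proposed in the comment above, as an added Python example; it is not part of the bug report and is not OpenSSH's parser. All function names are hypothetical, and trying ':' first before falling back to the legacy '/' form is an assumption made here to pick the separator.

```python
def split_outside_brackets(spec, sep):
    """Split spec on sep, keeping [bracketed] IPv6 literals whole."""
    fields, cur, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == sep and depth == 0:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    if depth:
        raise ValueError("unbalanced brackets in %r" % spec)
    return fields + [cur]

def port(text):
    if not text.isdigit() or not 0 < int(text) < 65536:
        raise ValueError("%s: unknown port" % text)
    return int(text)

def host(text):
    if "/" in text:                         # a path is never a TCP host
        raise ValueError("%s: not a host" % text)
    return text.strip("[]")

def endpoints(fields):
    """Map 2-4 sub-arguments to (listener, target); target is read from the end."""
    if not 2 <= len(fields) <= 4:
        raise ValueError("wrong number of sub-arguments: %r" % fields)
    if fields[-1].startswith("/"):          # target is a socket path
        target, rest = ("unix", fields[-1]), fields[:-1]
    else:                                   # target is host, hostport
        target = ("tcp", host(fields[-2]), port(fields[-1]))
        rest = fields[:-2]
    if len(rest) == 1 and rest[0].startswith("/"):
        return ("unix", rest[0]), target    # listener is a socket path
    if len(rest) == 1:
        return ("tcp", "", port(rest[0])), target
    if len(rest) == 2:
        return ("tcp", host(rest[0]), port(rest[1])), target
    raise ValueError("wrong number of sub-arguments: %r" % fields)

def parse_forward(spec):
    """Parse a -L/-R argument under the rules proposed in the comment."""
    if spec.startswith("/"):                # filesystem path: ':' is mandatory
        return endpoints(split_outside_brackets(spec, ":"))
    try:                                    # assumption: try ':' first ...
        return endpoints(split_outside_brackets(spec, ":"))
    except ValueError:                      # ... then the legacy '/' form
        return endpoints(split_outside_brackets(spec, "/"))
```

Both specs the comment marks as syntax errors raise `ValueError` here, the second one with "my-service-sock: unknown port".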