Ugly patch to openssh-1.2pre15

Markus Friedl Markus.Friedl at informatik.uni-erlangen.de
Tue Dec 7 03:20:04 EST 1999


On Mon, Dec 06, 1999 at 10:53:56AM -0500, David F. Skoll wrote:
> I am behind a firewall which does not permit connections to port 22, so I
> run my ssh server on port 23. :-)  Unfortunately, the stupid firewall
> prints a few lines of junk when you make a connection to port 23 before
> actually starting the connection.  This confuses ssh.
> 
> Attached is an (ugly) patch against openssh-1.2pre15 which makes it ignore
> a configurable number of lines while looking for the SSH-%d-%d
> identification string.  If you think it's worth including this hack in the
> official version, feel free. :-)

I think the right way to fix this is by using a proxy-command that
eats the bogus greeting. You don't want to touch ssh for this.

A friend of mine lived behind a firewall that injected telnet commands like
	<IAC,WILL,ECHO>
	<IAC,WILL,SUPPRESS_GO_AHEAD>
for port 23. We used this perl script and ProxyCommand:

% cat .ssh/config
Host bla
	ProxyCommand /blabla/bin/tunnel.pl %h %p
% cat /blabla/bin/tunnel.pl
#!/usr/bin/perl -w
# Usage: ProxyCommand /path/bin/tunnel.pl %h %p

$debug=0;
$debug=1;

use Socket;	# replaces the perl4 'sys/socket.ph' include

# connect the global handle SOCK to "host:port"
sub dial{
	my($thathost, $port) = split(/:/,"@_");
	print STDERR "tunnel: trying $thathost port $port... " if $debug;
	my $proto = getprotobyname('tcp');
	my $thataddr = inet_aton($thathost) || die "tunnel: cannot resolve $thathost\n";
	# sockaddr_in() builds the address portably instead of a hand-written pack()
	my $that = sockaddr_in($port, $thataddr);
	socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "socket: $!";
	connect(SOCK, $that) || die "connect: $!";
	print STDERR "connected\n" if $debug;
}

if($#ARGV !=1){
    print STDERR "usage: $0 destination port\n";
    exit(1);
}
$host=shift;
$port=shift;

&dial("$host:$port");

select(SOCK); $| = 1;
select(STDOUT); $| = 1;

$read=0;
$magic="";
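# wait for banner: SSH-
while(sysread(SOCK,$buf,1)){
	$read++;
	$magic .= $buf;
	# compare the last four bytes seen, so an "S" in the junk (or a short
	# read) cannot swallow the start of the real banner
	if(length($magic) >= 4 && substr($magic,-4) eq "SSH-"){
		print STDERR "tunnel: MAGIC $read bytes\n" if $debug;
		print STDERR "tunnel: pre-MAGIC: $magic\n" if $debug;
		# hex dump of everything read so far; /s so newlines are dumped too
		while($magic =~ /(.)/gs){
			printf STDERR "%x ",ord($1) if $debug;
		}
		print STDERR "\n" if $debug;
		# hand ssh the start of the banner, the rest is relayed below
		print STDOUT ("SSH-");
		last;
	}
}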

if($child = fork){
	while(sysread(STDIN,$buf,4096)){
		print SOCK ($buf);
	}
	sleep 2;
	kill(15,$child) if $child;
}else{
	while(sysread(SOCK,$buf,4096)){
		print STDOUT ($buf);
	}
}
% ssh -v -p 23 bla
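
Added example (not part of the original message, and not OpenSSH code): the greeting-eating step of such a ProxyCommand filter in Python, coping with a banner split across reads, requiring the version digits after "SSH-", and capping how much may be discarded. The class and function names, the 4096-byte cap and the sample bytes are assumptions made for illustration.

```python
import re

# Identification prefix such as b"SSH-1.5-" or b"SSH-2.0-". Requiring the version
# digits means a stray "SSH-" inside the greeting text is not taken for the banner.
IDENT = re.compile(rb"SSH-\d+\.\d+-")
MAX_JUNK = 4096  # assumed cap on discarded bytes, not a value from the thread


class GreetingStripper:
    """Drop whatever a middlebox sends before the SSH identification string."""

    def __init__(self, max_junk=MAX_JUNK):
        self.max_junk = max_junk
        self.pending = b""   # bytes seen so far while still hunting for the banner
        self.junk = b""      # discarded greeting, kept so it can be logged
        self.synced = False

    def feed(self, chunk):
        """Return the bytes to hand to ssh; b"" until the banner has been found."""
        if self.synced:
            return chunk
        self.pending += chunk  # rescanning the buffer copes with a split banner
        m = IDENT.search(self.pending)
        junk_len = m.start() if m else len(self.pending)
        if junk_len > self.max_junk:  # never swallow an unbounded amount of data
            raise ValueError("no SSH banner within %d bytes" % self.max_junk)
        if not m:
            return b""
        self.junk, out = self.pending[:m.start()], self.pending[m.start():]
        self.pending, self.synced = b"", True
        return out


def strip_stream(chunks, max_junk=MAX_JUNK):
    """Run all chunks through one stripper; return (discarded, forwarded)."""
    s = GreetingStripper(max_junk)
    forwarded = b"".join([s.feed(c) for c in chunks])
    return s.junk, forwarded


# Constructed sample: IAC WILL ECHO, IAC WILL SUPPRESS_GO_AHEAD, a text greeting
# containing "SSH-", then a banner split across two reads and post-banner data.
SAMPLE = [b"\xff\xfb\x01\xff\xfb", b"\x03Welcome to the SSH-less gateway\r\nSS",
          b"H-1.5-1.2.27\n", b"\x00packet"]

if __name__ == "__main__":
    junk, forwarded = strip_stream(SAMPLE)
    print("discarded:", junk.hex())
    print("forwarded:", forwarded)
```

Logging the discarded bytes, as the debug output of the script above does, keeps a record of what the firewall injected.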