scp -L option

Hendrik Visage hvisage at is.co.za
Thu Oct 12 01:42:18 EST 2000


Hi there,

 I need scp to pass the -P option to ssh
in order to "bypass" packet filters that don't allow connections
to return to arbitrary "privileged" ports, i.e. ports <1024.

See the attached context diffs against 2.2.0p1;
please integrate.

Thanx
Hendrik Visage

-------------- next part --------------
*** 1.1	2000/10/11 13:31:45
--- scp.c	2000/10/11 14:26:25
***************
*** 117,122 ****
--- 117,125 ----
  /* This is the program to execute for the secured connection. ("ssh" or -S) */
  char *ssh_program = SSH_PROGRAM;
  
+ /* Using an anonymous port ? */
+ int highport=0;
+ 
  /*
   * This function executes the given command as the specified user on the
   * given host.  This returns < 0 if execution fails, and >= 0 otherwise. This
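Review bot: The comment `/* Using an anonymous port ? */` on the new `highport` global does not say what the flag controls or what sets it. Something like `/* Set by -L: pass -P to ssh so it connects from a non-privileged source port. */` would let a reader connect it to the option parsing and the two places the ssh command line is built. If ssh's -P also disables rhosts-based authentication in this release, as I recall its manual page stating for versions of this era, that side effect is worth noting here and in scp.1; please confirm against ssh(1).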
***************
*** 165,170 ****
--- 168,175 ----
  		args[i++] = ssh_program;
  		args[i++] = "-x";
  		args[i++] = "-oFallBackToRsh no";
+ 		if (highport)
+ 			args[i++] = "-P";
  		if (IPv4)
  			args[i++] = "-4";
  		if (IPv6)
***************
*** 262,268 ****
  	extern int optind;
  
  	fflag = tflag = 0;
! 	while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S")) != EOF)
  		switch (ch) {
  		/* User-visible flags. */
  		case '4':
--- 267,273 ----
  	extern int optind;
  
  	fflag = tflag = 0;
! 	while ((ch = getopt(argc, argv, "LdfprtvBCc:i:P:q46S")) != EOF)
  		switch (ch) {
  		/* User-visible flags. */
  		case '4':
***************
*** 283,288 ****
--- 288,296 ----
  		case 'S':
  			ssh_program = optarg;
  			break;
+ 		case 'L':
+ 			highport=1;
+ 			break;
  
  		/* Server options. */
  		case 'd':
***************
*** 420,435 ****
  				else if (!okname(suser))
  					continue;
  				(void) sprintf(bp,
! 				    "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
  				     ssh_program, verbose_mode ? " -v" : "",
  				     suser, host, cmd, src,
  				     tuser ? tuser : "", tuser ? "@" : "",
  				     thost, targ);
  			} else {
  				host = cleanhostname(argv[i]);
  				(void) sprintf(bp,
! 				    "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
  				     ssh_program, verbose_mode ? " -v" : "",
  				     host, cmd, src,
  				     tuser ? tuser : "", tuser ? "@" : "",
  				     thost, targ);
--- 428,445 ----
  				else if (!okname(suser))
  					continue;
  				(void) sprintf(bp,
! 				    "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
  				     ssh_program, verbose_mode ? " -v" : "",
+ 				     highport ? "" : " -P",
  				     suser, host, cmd, src,
  				     tuser ? tuser : "", tuser ? "@" : "",
  				     thost, targ);
  			} else {
  				host = cleanhostname(argv[i]);
  				(void) sprintf(bp,
! 				    "exec %s%s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
  				     ssh_program, verbose_mode ? " -v" : "",
+ 				     highport ? "" : " -P" ,
  				     host, cmd, src,
  				     tuser ? tuser : "", tuser ? "@" : "",
  				     thost, targ);
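Review bot: The new argument `highport ? "" : " -P"` is inverted in both sprintf calls of this hunk: it emits ` -P` when -L was not given and nothing when it was, the opposite of the `if (highport) args[i++] = "-P";` test added in the earlier hunk. Both lines should read `highport ? " -P" : "",`. The sprintf into `bp` is also unbounded, and the allocation of `bp` lies outside this hunk, so the length computation there needs to cover the three extra bytes, or the call should become an snprintf bounded by the buffer's length. The enclosing function starts and ends outside the hunk, so the size calculation could not be checked from here.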
***************
*** 961,967 ****
  usage()
  {
  	(void) fprintf(stderr, "usage: scp "
! 	    "[-pqrvC46] [-S ssh] [-P port] [-c cipher] [-i identity] f1 f2; or:\n"
  	    "       scp [options] f1 ... fn directory\n");
  	exit(1);
  }
--- 971,977 ----
  usage()
  {
  	(void) fprintf(stderr, "usage: scp "
! 	    "[-LpqrvC46] [-S ssh] [-P port] [-c cipher] [-i identity] f1 f2; or:\n"
  	    "       scp [options] f1 ... fn directory\n");
  	exit(1);
  }
-------------- next part --------------
*** 1.1	2000/10/11 14:27:17
--- scp.1	2000/10/11 14:32:31
***************
*** 9,15 ****
  .\"
  .\" Created: Sun May  7 00:14:37 1995 ylo
  .\"
! .\" $Id: scp.1,v 1.1 2000/10/11 14:27:17 hvisage Exp $
  .\"
  .Dd September 25, 1999
  .Dt SCP 1
--- 9,15 ----
  .\"
  .\" Created: Sun May  7 00:14:37 1995 ylo
  .\"
! .\" $Id: scp.1,v 1.2 2000/10/11 14:32:24 hvisage Exp $
  .\"
  .Dd September 25, 1999
  .Dt SCP 1
***************
*** 19,25 ****
  .Nd secure copy (remote file copy program)
  .Sh SYNOPSIS
  .Nm scp
! .Op Fl pqrvC46
  .Op Fl P Ar port
  .Op Fl c Ar cipher
  .Op Fl i Ar identity_file
--- 19,25 ----
  .Nd secure copy (remote file copy program)
  .Sh SYNOPSIS
  .Nm scp
! .Op Fl LpqrvC46
  .Op Fl P Ar port
  .Op Fl c Ar cipher
  .Op Fl i Ar identity_file
***************
*** 103,108 ****
--- 103,115 ----
  .Fl p
  is already reserved for preserving the times and modes of the file in
  .Xr rcp 1 .
+ .It Fl L
+ Used to add the 
+ .Fl P flag to 
+ .Xr ssh 1
+ to prevent it from using a priviledge port, but rather an anonymous port. This is
+ useful in getting out of a packet filtered environment that doesn't allow packets to
+ return to priviledged ports, ie. ports <1024.
  .It Fl S
  Name of program to use for the encrypted connection. The program must 
  understand

