scp -L option
Hendrik Visage
hvisage at is.co.za
Thu Oct 12 01:42:18 EST 2000
Hi there,
I have a need to have scp pass the -P option to ssh
to "bypass" the packetfilters that doesn't allow connections
to return to arbitary "priviledged" ports, ie. ports <1024.
See attached context sensitive diffs against 2.2.0p1
to please integrate.
Thanx
Hendrik Visage
-------------- next part --------------
*** 1.1 2000/10/11 13:31:45
--- scp.c 2000/10/11 14:26:25
***************
*** 117,122 ****
--- 117,125 ----
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = SSH_PROGRAM;
+ /* Using an anonymous port ? */
+ int highport=0;
+
/*
* This function executes the given command as the specified user on the
* given host. This returns < 0 if execution fails, and >= 0 otherwise. This
***************
*** 165,170 ****
--- 168,175 ----
args[i++] = ssh_program;
args[i++] = "-x";
args[i++] = "-oFallBackToRsh no";
+ if (highport)
+ args[i++] = "-P";
if (IPv4)
args[i++] = "-4";
if (IPv6)
***************
*** 262,268 ****
extern int optind;
fflag = tflag = 0;
! while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S")) != EOF)
switch (ch) {
/* User-visible flags. */
case '4':
--- 267,273 ----
extern int optind;
fflag = tflag = 0;
! while ((ch = getopt(argc, argv, "LdfprtvBCc:i:P:q46S")) != EOF)
switch (ch) {
/* User-visible flags. */
case '4':
***************
*** 283,288 ****
--- 288,296 ----
case 'S':
ssh_program = optarg;
break;
+ case 'L':
+ highport=1;
+ break;
/* Server options. */
case 'd':
***************
*** 420,435 ****
else if (!okname(suser))
continue;
(void) sprintf(bp,
! "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
suser, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
} else {
host = cleanhostname(argv[i]);
(void) sprintf(bp,
! "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
--- 428,445 ----
else if (!okname(suser))
continue;
(void) sprintf(bp,
! "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
+ highport ? "" : " -P",
suser, host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
} else {
host = cleanhostname(argv[i]);
(void) sprintf(bp,
! "exec %s%s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
ssh_program, verbose_mode ? " -v" : "",
+ highport ? "" : " -P" ,
host, cmd, src,
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
***************
*** 961,967 ****
usage()
{
(void) fprintf(stderr, "usage: scp "
! "[-pqrvC46] [-S ssh] [-P port] [-c cipher] [-i identity] f1 f2; or:\n"
" scp [options] f1 ... fn directory\n");
exit(1);
}
--- 971,977 ----
usage()
{
(void) fprintf(stderr, "usage: scp "
! "[-LpqrvC46] [-S ssh] [-P port] [-c cipher] [-i identity] f1 f2; or:\n"
" scp [options] f1 ... fn directory\n");
exit(1);
}
-------------- next part --------------
*** 1.1 2000/10/11 14:27:17
--- scp.1 2000/10/11 14:32:31
***************
*** 9,15 ****
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
! .\" $Id: scp.1,v 1.1 2000/10/11 14:27:17 hvisage Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
--- 9,15 ----
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
! .\" $Id: scp.1,v 1.2 2000/10/11 14:32:24 hvisage Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
***************
*** 19,25 ****
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
! .Op Fl pqrvC46
.Op Fl P Ar port
.Op Fl c Ar cipher
.Op Fl i Ar identity_file
--- 19,25 ----
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
! .Op Fl LpqrvC46
.Op Fl P Ar port
.Op Fl c Ar cipher
.Op Fl i Ar identity_file
***************
*** 103,108 ****
--- 103,115 ----
.Fl p
is already reserved for preserving the times and modes of the file in
.Xr rcp 1 .
+ .It Fl L
+ Used to add the
+ .Fl P flag to
+ .Xr ssh 1
+ to prevent it from using a priviledge port, but rather an anonymous port. This is
+ useful in getting out of a packet filtered environment that doesn't allow packets to
+ return to priviledged ports, ie. ports <1024.
.It Fl S
Name of program to use for the encrypted connection. The program must
understand
More information about the openssh-unix-dev
mailing list