socks and misc patch to 2.9.9p2

Michael michael at
Tue Oct 9 04:44:25 EST 2001

> On Sat, 6 Oct 2001, Michael wrote:
> > >
> > > Out of interest what is wrong with 'ProxyCommand' for handling this?
> > >  This is kinda why this was designed, to support socks and other
> > > proxy type software without the nasty #ifdef/#endif code.
> >
> > There are only 3 or 4 instances of this and no added code lines if
> > you consider the effect of the ifdef's
> >
> > doesn't work for scp, and even if it did, I've got a ton of scripts
> > in existence on numerous machines that are using the old ssh-1.2.xx
> > reference release. It would be nice to upgrade transparently. I'm
> > sure that is why others have tried to add this feature in the past.
> > Michael
> >
> If it does not work for scp then it should be fixed.  This patch
> pretty much is saying.. "I don't care to understand existing
> features therefore I will add a different way of doing the same
> thing."

Not really, what the "patch" says is that I believe that the ssh code 
should be machine and platform independent for the user. I don't 
consider it particularly useful to have to write a different script 
that uses ssh or scp for every platform that must use a socks proxy 
and to have to modify and update that script every time the sysadmin 
decides to change or eliminate the socks gateway. I currently deploy 
scripts to a multitude of hosts that must utilize socks to have 
firewall access. These hosts are at different sites and thus have 
differing proxy hosts. It is much cleaner to simply deploy a script 
with commands for ssh and scp that are free of direct references to 
unique hosts that differ among sites. I would much prefer to leave 
proxy selection up to the sysadmin of the site when the hosts are 
configured (or re-configured). I think the general idea is that the 
client application should not have to be configured, only the host 
and only once.

The solution I propose is a general solution, not site specific as is 
the present mode of using a socks proxy from the command line.

> If you wish to describe why it breaks, and suggest a
> solution patch then great.

> Besides, anytime you add in #ifdef into code it makes it harder to
> read and mentally process.   And if you have done an #ifdef count
> between the virgin OpenBSD version and the portable we have 3x
> (slowly creeping up on 4x) as many which is too many.  The whole
> thinking.. "It is just 4 more #ifdef"  leads to crap code like
> SSH-1.2.x.

> I doubt this will be added to the upstream code (in turn it won't
> get to the portable tree).  So I think fixing and using the
> ProxyCommand or a local patch will be your only two options.

I might suggest that usability by the applications developer be 
taken into consideration. As I've already said, having to customize 
every script use of ssh/scp for each site is asking a bit much. 
Generic internal support of socks by the ssh, scp, sftp clients is 
much more useful in my view. Don't get so hung up on the "ifdefs" 
that you forget the reason we write software to begin with.


Michael Robinton
4600 El Camino Real - Suite 206
Los Altos, CA 94022
Tel: 650 947-3351
Fax: 650 947-3356
michael at

More information about the openssh-unix-dev mailing list