socks and misc patch to 2.9.9p2
mouring at etoh.eviladmin.org
mouring at etoh.eviladmin.org
Tue Oct 9 14:43:24 EST 2001
> Not really, what the "patch" says it that I believe that the ssh code
> should be machine and platform independent for the user. I don't
> consider it particularly useful to have to write a different script
> that uses ssh or scp for every platform that must use a socks proxy
why do you have to? You are not understanding ProxyCommand.
> and to have to modify and update that script every time the sysadmin
> decides to change or eliminate the socks gateway. I currently deply
> scripts to a multitude of hosts that must utilize socks to have
> firewall acess. These hosts are at different sites and thus have
> differing proxy hosts. It is much cleaner to simply deploy a script
> with commands for ssh and scp that are free of direct references to
> unique hosts that differ among sites. I would much prefer to leave
> proxy selection up to the sysadmin of the site when the hosts are
> configured (or re-configured). I think the general idea is that the
> client application should not have to be configured, only the host
> and only once.
>
> The solution I propose is a general solution, not site specific as it
> the present mode of using a socks proxy from the command line.
>
[.. Quote from an old message posted here.. Provides Sock and HTTP
solution that is more 'general' than adding your code..]
I have one proxy command which use SOCKS5 or HTTP-proxy (CONNECT).
I'm using it every day via SOCKS to login to out-side host
from UNIX (BSD/OS) and Windows (CygWin) environments.
If you wanna try, get source "connect.c" from
http://www.imasy.or.jp/~gotoh/connect.c
and compile it.
[for UNIX]
gcc -o connect connect.c
[for Win32 (Visual C)]
cl connect.c wsock32.lib
You should add entry to use it in ~/.ssh/config, like:
[for SOCKS5]
Host xxxx
ProxyCommand connect -S socks-server %h %p
[for HTTP proxy]
Host xxxx
ProxyCommand connect -H http-server %h %p
NOTE: "socks-server" and "http-server" is proxy hostname on your site.
It's very simple.
First make connection via SOCKS5 or HTTP-proxy
then relaying socket I/O each direction
But it is written only for my use.
So some functions are lacked.
For example SOCKS4 support and USER/PASS authentication support.
These are easy to implement, but not yet...
I'm welcome your suggestion.
--- Regards,
Shun-ichi Goto <gotoh at taiyo.co.jp>
[..]
Again, I say.. if ProxyCommand breaks scp please provide us a hard example
so we can fix it.
- Ben
More information about the openssh-unix-dev
mailing list