socks and misc patch to 2.9.9p2

mouring at etoh.eviladmin.org
Tue Oct 9 14:43:24 EST 2001


> Not really, what the "patch" says is that I believe that the ssh code
> should be machine and platform independent for the user. I don't
> consider it particularly useful to have to write a different script
> that uses ssh or scp for every platform that must use a socks proxy

Why do you have to?  You are not understanding ProxyCommand.



> and to have to modify and update that script every time the sysadmin
> decides to change or eliminate the socks gateway. I currently deploy
> scripts to a multitude of hosts that must utilize socks to have
> firewall access. These hosts are at different sites and thus have
> differing proxy hosts. It is much cleaner to simply deploy a script
> with commands for ssh and scp that are free of direct references to
> unique hosts that differ among sites. I would much prefer to leave
> proxy selection up to the sysadmin of the site when the hosts are
> configured (or re-configured). I think the general idea is that the
> client application should not have to be configured, only the host
> and only once.
>

> The solution I propose is a general solution, not site specific as is
> the present mode of using a socks proxy from the command line.
>

[.. Quote from an old message posted here.. Provides a SOCKS and HTTP
solution that is more 'general' than adding your code..]

I have one proxy command which uses SOCKS5 or HTTP proxy (CONNECT).
I'm using it every day via SOCKS to log in to an outside host
from UNIX (BSD/OS) and Windows (Cygwin) environments.

If you want to try it, get the source "connect.c" from
http://www.imasy.or.jp/~gotoh/connect.c
and compile it.

[for UNIX]
  gcc -o connect connect.c

[for Win32 (Visual C)]
  cl connect.c wsock32.lib

You should add an entry to use it in ~/.ssh/config, like:

[for SOCKS5]
Host xxxx
  ProxyCommand connect -S socks-server %h %p

[for HTTP proxy]
Host xxxx
  ProxyCommand connect -H http-server %h %p

 NOTE: "socks-server" and "http-server" are the proxy hostnames at your site.

It's very simple.
First it makes a connection via SOCKS5 or HTTP proxy,
then relays socket I/O in each direction.
But it is written only for my use,
so some functions are lacking.
For example SOCKS4 support and USER/PASS authentication support.
These are easy to implement, but not yet...

I welcome your suggestions.

--- Regards,
 Shun-ichi Goto  <gotoh at taiyo.co.jp>
[..]

Again, I say.. if ProxyCommand breaks scp please provide us a hard example
so we can fix it.

- Ben
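
The connect-then-relay behaviour the quoted message describes for connect.c, as an added example that is not part of the original thread and is not Goto's code: a minimal SOCKS5 (RFC 1928) ProxyCommand helper. The function names, the no-authentication-only policy and proxy port 1080 are assumptions made for the example.

```python
# Added example (not connect.c): SOCKS5 ProxyCommand helper, no-auth only.
import os, select, socket, struct, sys

GREETING = b"\x05\x01\x00"  # VER=5, one method offered: 0x00 (no authentication)

def connect_request(host, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name, resolved by the proxy)
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def bound_addr_len(header):
    # header = VER, REP, RSV, ATYP. Bytes of BND.ADDR+BND.PORT left; -1 = domain.
    ver, rep, _rsv, atyp = header
    if ver != 5 or rep != 0 or atyp not in (1, 3, 4):
        raise ConnectionError("SOCKS5 request failed: REP=%d ATYP=%d" % (rep, atyp))
    return {1: 4 + 2, 4: 16 + 2, 3: -1}[atyp]

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def handshake(sock, host, port):
    sock.sendall(GREETING)
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(connect_request(host, port))
    left = bound_addr_len(recv_exact(sock, 4))
    if left < 0:
        left = recv_exact(sock, 1)[0] + 2  # length byte, then name + port
    recv_exact(sock, left)  # discard BND.ADDR/BND.PORT; the tunnel is now open

def relay(sock):
    while True:  # copy stdin -> proxy and proxy -> stdout until one side closes
        for r in select.select([0, sock], [], [])[0]:
            data = os.read(0, 4096) if r == 0 else sock.recv(4096)
            if not data:
                return
            sock.sendall(data) if r == 0 else os.write(1, data)

if __name__ == "__main__":  # usage: helper.py socks-server %h %p
    s = socket.create_connection((sys.argv[1], 1080))  # 1080: assumed proxy port
    handshake(s, sys.argv[2], int(sys.argv[3]))
    relay(s)
```

Because the request uses ATYP=3, the destination name is resolved by the proxy, so the client host needs no DNS view of the outside network.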




More information about the openssh-unix-dev mailing list