socks5 support

Michael Robinton michael at bizsystems.com
Tue May 14 01:04:40 EST 2002


>:> This is best handled by a ProxyCommand helper.
>:>
>:ProxyCommand helper does not allow you to bridge multiple socks
>:servers since it knows nothing about the next server.
>:
>:i.e. to go from behind firewall A over the internet to B then behind
>:firewall B transparently.
>
>Wouldn't that depend on how full-featured the proxycommand program is?
>Below is what Sun did for Solaris 9, which I think is pretty basic.
>The complete man page can be found at docs.sun.com.
>
>Also, there are 2 SOCKS discussions going on I think: one for client
>support to connect thru SOCKS servers and another to have SOCKS5
>server support for dynamic forwards.
>
>NAME
>
>ssh-socks5-proxy-connect - Secure Shell proxy for SOCKS5
>
>SYNOPSIS
>
>/usr/lib/ssh/ssh-socks5-proxy-connect [-h socks5_proxy_host] [-p
>socks5_proxy_port] connect_host connect_port
>
>DESCRIPTION
>
>A proxy command for ssh(1) that uses SOCKS5 (RFC 1928). Typical use is
>where connections external to a network are only allowed via a socks
>gateway server.

I guess it's your point of view. I consider the above implementation to be
a bit brain dead. The whole purpose of integrated socks support is to
allow seamless operation and to allow a single point of configuration i.e.
the socks config files.

Using the proxy approach requires that each use of a proxy be individually
configured which means extra work, extra room for error and extra security
problems. The point can be argued to death. There is either support for
socks or there is not. Personally I think it is a useful feature.

Michael
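
Added example, not part of the original message and not Sun's or OpenSSH's code: a sketch of what a SOCKS5 (RFC 1928) ProxyCommand helper of the kind quoted above does on the wire, then relays ssh's stdin/stdout. It assumes a POSIX system and a proxy that accepts the "no authentication" method; the function names and the positional argument order are hypothetical.

```python
"""SOCKS5 (RFC 1928) ProxyCommand helper sketch: no-auth CONNECT, then relay."""
import os, select, socket, struct, sys

GREETING = b"\x05\x01\x00"  # VER=5, NMETHODS=1, METHOD 0x00 (no authentication)

def connect_request(host, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (name, resolved by the proxy), len, name, port
    name = host.encode("idna")
    if not 0 < len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def read_reply(read_exact):
    # Reply: VER REP RSV ATYP BND.ADDR BND.PORT; REP=0 means the tunnel is open.
    ver, rep, _rsv, atyp = read_exact(4)
    if ver != 5 or rep != 0 or atyp not in (1, 3, 4):
        raise ConnectionError(f"SOCKS5 CONNECT failed: VER={ver} REP={rep} ATYP={atyp}")
    n = read_exact(1)[0] if atyp == 3 else (4 if atyp == 1 else 16)
    read_exact(n + 2)  # discard BND.ADDR and BND.PORT so no reply bytes reach ssh

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def main(proxy_host, proxy_port, host, port):
    s = socket.create_connection((proxy_host, proxy_port))
    rd = lambda n: recv_exact(s, n)
    s.sendall(GREETING)
    if rd(2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    s.sendall(connect_request(host, port))
    read_reply(rd)
    while True:  # relay between ssh (fd 0 / fd 1) and the tunnel until one side closes
        for src in select.select([0, s], [], [])[0]:
            data = s.recv(65536) if src is s else os.read(0, 65536)
            if not data:
                return
            if src is s:
                sys.stdout.buffer.write(data)
                sys.stdout.buffer.flush()
            else:
                s.sendall(data)

if __name__ == "__main__":
    main(sys.argv[1], int(sys.argv[2]), sys.argv[3], int(sys.argv[4]))
```

As the helper only knows the single proxy it is handed, every hop has to be named on its command line, which is the per-use configuration the message objects to.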



