Patch for Socks5 support for dynamic portforwaring?
Dan Kaminsky
dan at doxpara.com
Wed Jun 25 06:47:32 EST 2003
Alex Peuchert wrote:
>Hi,
>just to enlighten my ignorance ;-)
>
>Why was Socks5 support removed from openssh?
>
>I also could see some useful applications for SOCKS5 over SSH ...
>
>
This is a slightly different use of SOCKS than most people know about;
using it to drive SSH port forwarding. So you don't run a VPN server or
anything of the sort; you just SSH in and watch all your TCP sockets get
routed through SSH. It's really nice.
With SOCKS4, only the TCP sockets are wrapped; the DNS necessary to set
packet IPs isn't. So with SOCKS4, we leak.
SOCKS5 wouldn't. I understand HTTP parsing is a bit complicated, but I
can't see why we should be intentionally not supporting a more secure
protocol.
--Dan
More information about the openssh-unix-dev
mailing list