[PATCH] accept SOCKS request over the mux socket

Salvador Fandino sfandino at yahoo.com
Wed Mar 11 19:48:37 EST 2009


hi

> How does this differ from "ssh -D" ?? Which already makes SSH into a SOCKS4/5
> server?
> 
> Seems like we're duplicating functionality unless there is something else I'm 
> missing.

Actually, I am reusing the SOCKS4/5 code. The difference is that now requests are also accepted over the multiplexing UNIX socket created when ssh is run in master mode.

The problem with INET sockets is that there is no way* to control who accesses them. Even if they are only bound to localhost, on multiuser machines, any local user can connect to them.

On the other hand, access to a UNIX socket can be controlled using just file permissions, so that, for instance, only the user running ssh could connect to it.

- Salva


* well, unless you add authentication support to the SOCKS4/5 code, but IMO, that would be something really complex to manage and to use.

