[PATCH] accept SOCKS request over the mux socket
Ben Lindstrom
mouring at eviladmin.org
Thu Mar 12 02:27:14 EST 2009
On Mar 11, 2009, at 3:48 AM, Salvador Fandino wrote:
>
> hi
>
>> How does this differ from "ssh -D"?? Which already makes SSH into
>> a SOCKS4/5 server?
>>
>> Seems like we're duplicating functionality unless there is
>> something else I'm missing.
>
> Actually, I am reusing the SOCKS4/5 code. The difference is that now
> requests are also accepted over the multiplexing UNIX socket created
> when ssh is run in master mode.
>
> The problem with INET sockets is that there is no way* to control
> who accesses them. Even if they are only bound to localhost, on
> multiuser machines, any local user can connect to them.
>
> On the other hand, access to a UNIX socket can be controlled using
> just file permissions, so that, for instance, only the user running
> ssh could connect to it.

I'm concerned that people will become confused since the -M -S combo has
been reserved for multiple ssh terminal sessions over a single
tunnel. I'd rather see it more clear, like:

  ssh -D -M -S /tmp/mux 172.20.3.12 -N -f
      if you want multiple tunnels + SOCKS support

  ssh -D -S /tmp/mux ..
      if you just want SOCKS support instead of a PORT

Which means an error needs to be thrown on:

  ssh -Dxxx -S xxxx

- Ben
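
The file-permission argument from the quoted message, as an added example that is not part of the original thread or of OpenSSH: a small audit that reports who can connect to a UNIX socket such as a mux socket. The function names are hypothetical, Linux semantics are assumed (connect() needs write permission on the socket file and search permission on its directory), and only the immediate parent directory is inspected.

```python
import os
import socket
import stat
import tempfile

RANK = {"owner": 0, "group": 1, "world": 2}


def _scope(mode, group_bit, other_bit):
    """Widest class of users for which the given permission bit is set."""
    if mode & other_bit:
        return "world"
    if mode & group_bit:
        return "group"
    return "owner"


def connect_scope(path):
    """Return 'owner', 'group' or 'world': who may connect to the socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX socket")
    # Assumption (Linux): connecting requires write permission on the socket.
    sock_scope = _scope(st.st_mode, stat.S_IWGRP, stat.S_IWOTH)
    # The directory must be searchable to reach the socket at all.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    dir_scope = _scope(parent.st_mode, stat.S_IXGRP, stat.S_IXOTH)
    # Simplification: the narrower of the two wins; differing group
    # ownership between directory and socket is not modelled.
    return min(sock_scope, dir_scope, key=RANK.get)


def make_demo_socket(sock_mode, dir_mode):
    """Constructed sample: bind a socket named 'mux' in a fresh temp dir."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "mux")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)
    s.close()  # the socket file stays on disk after close
    os.chmod(path, sock_mode)
    os.chmod(directory, dir_mode)
    return path


if __name__ == "__main__":
    for sock_mode, dir_mode in [(0o600, 0o700), (0o666, 0o755), (0o666, 0o700)]:
        scope = connect_scope(make_demo_socket(sock_mode, dir_mode))
        print(f"socket {sock_mode:o} in dir {dir_mode:o}: {scope}")
```

Some BSD-derived systems ignore the permission bits on the socket file itself, so a private (0700) directory is the portable way to restrict access.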