[PATCH] accept SOCKS request over the mux socket
Ben Lindstrom
mouring at eviladmin.org
Thu Mar 12 05:58:28 EST 2009
On Mar 11, 2009, at 1:21 PM, Jim Knoble wrote:
> Circa 2009-03-11 10:27 dixit Ben Lindstrom:
>
> : I'm concerned that people will become confused since -M -S combo has
> : been reserved for multiple ssh terminal sessions over a single
> : tunnel. I'd rather see it more clear like:
> :
> : ssh -D -M -S /tmp/mux 172.20.3.12 -N -f if you want multiple tunnels
> : + SOCKS support
> : ssh -D -S /tmp/mux .. if you just want SOCKS support instead of a PORT
> :
> : Which means an error needs to be thrown on
> :
> : ssh -Dxxx -S xxxx
>
> The above means that you can't separate permissions for the mux socket
> and the SOCKS socket.
>
> Better to create a dedicated SOCKS socket, no?
>
> ssh -D /tmp/ssh-socks-socket ...
>
> That is, '-D' may accept either an IP address or a filesystem path.
> Reserve '-S' for use with multiplexing sockets. This way, one can:
>
> ssh -D /tmp/ssh-socks-socket -M -S /tmp/ssh-mux-socket ...
>
> and allow more than one user to use the SOCKS connection while keeping
> the mux socket more private.
>
> This also makes the '-D' syntax consistent and sensible.
>
That works for me. I just found the mutation and corruption of -M -S
to be a bit dodgy when we already have a -D that is clearly tagged as
being a socks4/5 server functionality flag.
- Ben