[PATCH] accept SOCKS request over the mux socket
Jim Knoble
jmknoble at pobox.com
Thu Mar 12 05:21:54 EST 2009
Circa 2009-03-11 10:27 dixit Ben Lindstrom:
: I'm concerned that people will become confused since -M -S combo has
: been resevered for multiple ssh terminal sessions over a single
: tunnel. I'd rather see it more clear like:
:
: ssh -D -M -S /tmp/mux 172.20.3.12 -N -f if you want multiple tunnels
: + SOCK support
: ssh -D -S /tmp/mux .. if you just want SOCKS support instead of a PORT
:
: Which means an error needs to be throw on
:
: ssh -Dxxx -S xxxx
The above means that you can't separate permissions for the mux socket
and the SOCKS socket.
Better to create a dedicated SOCKS socket, no?
ssh -D /tmp/ssh-socks-socket ...
That is, '-D' may accept either an IP address or a filesystem path.
Reserve '-S' for use with multiplexing sockets. This way, one can:
ssh -D /tmp/ssh-socks-socket -M -S /tmp/ssh-mux-socket ...
and allow more than one user to use the SOCKS connection while keeping
the mux socket more private.
This also makes the '-D' syntax consistent and sensible.
--jim
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
More information about the openssh-unix-dev
mailing list