[PATCH] accept SOCKS request over the mux socket
Salvador Fandino
sfandino at yahoo.com
Fri Mar 13 03:22:40 EST 2009
----- Original Message ----
> From: Jim Knoble <jmknoble at pobox.com>
> To: Ben Lindstrom <mouring at eviladmin.org>
> Cc: Salvador Fandino <sfandino at yahoo.com>; openssh-unix-dev at mindrot.org
> Sent: Wednesday, March 11, 2009 7:21:54 PM
> Subject: Re: [PATCH] accept SOCKS request over the mux socket
>
> Circa 2009-03-11 10:27 dixit Ben Lindstrom:
>
> : I'm concerned that people will become confused since -M -S combo has
> : been reserved for multiple ssh terminal sessions over a single
> : tunnel. I'd rather see it more clear like:
> :
> : ssh -D -M -S /tmp/mux 172.20.3.12 -N -f if you want multiple tunnels
> : + SOCK support
> : ssh -D -S /tmp/mux .. if you just want SOCKS support instead of a PORT
> :
> : Which means an error needs to be thrown on
> :
> : ssh -Dxxx -S xxxx
>
> The above means that you can't separate permissions for the mux socket
> and the SOCKS socket.
>
> Better to create a dedicated SOCKS socket, no?
>
> ssh -D /tmp/ssh-socks-socket ...
>
> That is, '-D' may accept either an IP address or a filesystem path.
> Reserve '-S' for use with multiplexing sockets. This way, one can:
>
> ssh -D /tmp/ssh-socks-socket -M -S /tmp/ssh-mux-socket ...
>
> and allow more than one user to use the SOCKS connection while keeping
> the mux socket more private.
>
> This also makes the '-D' syntax consistent and sensible.
I have attached a new patch to the request at...
https://bugzilla.mindrot.org/show_bug.cgi?id=1572
doing just that.
There is a problem with it, which is that slashes already have a special meaning in tunnel specifications: they are used with IPv6 addresses.
My proposal (not implemented in the patch yet) would be to use {} to demarcate unix paths as in
$ ssh -D{/tmp/bar} ...
and
$ ssh -L{/tmp/foo}:host:22 ...
It will fail for -L{/tmp/name,with,commas}, but hey, this is not very common!
Cheers,
- Salva
>
> --jim
>
> --
> jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
> (GnuPG key ID: C6F31FFA >>>>>> http://www.pobox.com/~jmknoble/keys/ )
> (GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
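
The brace syntax proposed above, as an added example that is not part of the original message or of the patch: a C splitter for forwarding specs in which `{}` marks a Unix socket path, `[]` an IPv6 address, and `:` or `/` separate fields everywhere else. The names `split_spec` and `struct field`, the 108-byte field limit and the rejection of empty fields are assumptions made for this illustration, not OpenSSH code.

```c
#include <stdio.h>
#include <string.h>
enum field_kind { F_PLAIN, F_INET6, F_UNIX };
struct field { enum field_kind kind; char text[108]; };  /* assumed limit */

/* Split a forwarding spec into fields. Outside [] and {} both ':' and '/'
 * separate fields. Returns the field count, or -1 if the spec is malformed,
 * has an empty field, or has more than max fields. */
int split_spec(const char *s, struct field *out, int max)
{
    int n = 0;
    while (*s != '\0') {
        char closer = (*s == '{') ? '}' : (*s == '[') ? ']' : '\0';
        const char *end;
        size_t len;
        if (n == max)
            return -1;
        out[n].kind = (*s == '{') ? F_UNIX : (*s == '[') ? F_INET6 : F_PLAIN;
        if (closer != '\0') {
            s++;                                 /* skip the opener */
            if ((end = strchr(s, closer)) == NULL)
                return -1;                       /* unterminated {..} or [..] */
            len = (size_t)(end - s);
            end++;                               /* skip the closer */
            if (*end != '\0' && *end != ':' && *end != '/')
                return -1;                       /* junk after the closer */
        } else {
            len = strcspn(s, ":/");              /* a bare '/' ends the field */
            end = s + len;
        }
        if (len == 0 || len >= sizeof(out[n].text))
            return -1;
        memcpy(out[n].text, s, len);
        out[n].text[len] = '\0';
        n++;
        if (*end != '\0' && *++end == '\0')
            return -1;                           /* trailing separator */
        s = end;
    }
    return n;
}

int main(void)
{
    struct field f[4];
    int n = split_spec("{/tmp/foo}:host:22", f, 4);  /* spec from the message */
    printf("%d fields, first is %s\n", n, n > 0 ? f[0].text : "(none)");
    return 0;
}
```

An unbraced `/tmp/bar` is rejected here because the leading slash is read as a separator, which is the ambiguity the braces are meant to remove.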