Is there socksify script for dynamics forwardings to unix domain sockets?

Jö Fahlke jorrit at jorrit.de
Wed Feb 21 22:00:38 AEDT 2018


Am Di, 20. Feb 2018, 23:13:16 -0800 schrieb Dan Kaminsky:
> Date: Tue, 20 Feb 2018 23:13:16 -0800
> From: Dan Kaminsky <dan at doxpara.com>
> To: Jö Fahlke <jorrit at jorrit.de>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Is there socksify script for dynamics forwardings to unix
>  domain sockets?
> 
> Whoa.  That's pretty cool.
> 
> Empirically, how well do LD_PRELOAD scripts work in grabbing all socket
> calls?

Good point, I did not check that before, so I tried now (with tsocks on Debian
stretch and the "ssh -D" socks port on a random port on localhost) and got
mixed results.  Generally, anything name-lookup related does not seem to work
and I have to use IP addresses.

- ipmiconsole did not work with tsocks, the connection simply times out.  No
  idea why, and not a big deal, as it is console-based I can ssh into the
  login host and use it from there.

- chromium did not work at all.  (I get "This site can’t be
  reached"/"10.xx.xx.xx unexpectedly closed the
  connection."/ERR_CONNECTION_CLOSED) I heard somewhere that it uses AppArmor
  or something, so maybe that is interfering.

- firefox works well, even to the point where I get graphical remote KVM,
  despite the management web-interfaces's warning that it is supposedly
  missing some features required for that.

Regards,
Jö.

-- 
Jorrit (Jö) Fahlke, Institute for Computational und Applied Mathematics,
University of Münster, Orleans-Ring 10, D-48149 Münster
Tel: +49 251 83 35146 Fax: +49 251 83 32729

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180221/6120d044/attachment.asc>


More information about the openssh-unix-dev mailing list