search for: dynamicforward

http://bugzilla.mindrot.org/show_bug.cgi?id=1077 Summary: Descriptions for "ssh -D" and DynamicForward should mention they can specify "bind_address" optionally Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P5 Component: Do...

Hiyas, currently the commandline that can be reached via ~C cannot create new DynamicForwards. This is a feature I really miss, therefore it would be nice, if it could be implemented, e.g. -D 12345 should open a new socks proxy on port 12345 on the local machine. Also I want to ask what the status on allowing additional a {Local,Remote,Dynamic}Forward using in combination with Control...

...> This will be useful if the point is to get to a web site only only >> the remote machine can connect to, but all the browser code/plugins >> will be the local ones. > If this is actually something you want to do with regularity, I > suggest using the SSH SOCKS proxy (with the DynamicForward port), and > configure Firefox to use the localhost:port as a SOCKS5 proxy. Then > all traffic in firefox will be routed over the ssh connection. It > won't break SNI and for the most part, everything will work in firefox > as if you were connecting from the remote side of the con...

...ConnectTimeout ControlMaster ControlPath + ControlBindMask + ControlAllowUsers + ControlAllowGroups + ControlDenyUsers + ControlDenyGroups DynamicForward EscapeChar ForwardAgent Index: ssh.1 =================================================================== --- ssh.1 (revision 15802) +++ ssh.1 (revision 15803) @@ -691,6 +691,11 @@ .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlBindMask +....

When using LocalForward or DynamicForward sometimes the endpoint does no longer exist but I need to find out *which* endpoint exactly. For example: $ ssh -D 1234 server.example.net On the client, maybe in another terminal: $ curl --socks5-hostname localhost:1234 http://does-not-exist.local curl: (97) connection to proxy closed As...

Hi Everyone, I am using openssh 4.0 in a product, which is affected by CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is also unconditionally enabled). I am trying to backport the fix for this from 4.2 to 4.0. I have been finding the difference between 4.2 and 4.1 and the only change that looks relevant to this bug, to me is the changes made in the file readconf.c with the followi...

Hi I've been looking at a both openssh and couple of commercial SSH implementations(F-Secure and ssh comm.). The one thing I see as missing is the "nice-to-have" feature of FTP specific port forwarding. The commercial implementations allows a syntax of "-L ftp/<someport>:..." which does some "automagical" forwarding of the data channel "under the

...s/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011 23:20:25 -0000 1.319 +++ ssh.1 25 Aug 2011 19:24:29 -0000 @@ -419,11 +419,13 @@ For full details of the options listed b .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -438,6 +440,7 @@ For full details of the options listed b .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuth...

On Thu, Nov 12, 2020 at 10:02:57AM -0700, S Bob wrote: > On 11/12/20 7:50 AM, Jonathan Billings wrote: > > If this is actually something you want to do with regularity, I > > suggest using the SSH SOCKS proxy (with the DynamicForward port), and > > configure Firefox to use the localhost:port as a SOCKS5 proxy. Then > > all traffic in firefox will be routed over the ssh connection. It > > won't break SNI and for the most part, everything will work in firefox > > as if you were connecting from the re...

...ust browse the case at http://bugzilla.mindrot.org/show_bug.cgi?id=207 Hope this patch help you. -- Jean-Charles -------------- next part -------------- --- openssh-3.5p1/readconf.c.ORIG Tue Jul 9 16:06:40 2002 +++ openssh-3.5p1/readconf.c Wed Oct 16 14:59:12 2002 @@ -114,7 +114,7 @@ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, oClearAllForwardings, oNoHostAuthenticationForLocalhost, - oDeprecated + oConnectTimeout, oDeprecated } OpCodes; /* Textual representations of the tokens. */ @@ -186,6 +186,7 @@ { &qu...

If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https

...oTCPKeepAlive, oNumberOfPasswordPrompts, - oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, + oLogFacility, oLogLevel, oLogPath, oLogVerbose, oCiphers, oMacs, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, @@ -271,6 +271,7 @@ static struct { { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "syslogfacility", oLogFacility }, { "loglevel", oLogLevel }, + { "logpath", oLog...

...7 Hope this patch help you. -- Jean-Charles -------------- next part -------------- --- openssh-3.2.2p1/readconf.c.ORIG Tue Feb 5 02:26:35 2002 +++ openssh-3.2.2p1/readconf.c Tue May 21 15:40:06 2002 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens....

...OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: joel.lehtonen at iki.fi I propose OpenSSH to add support for application level transparent proxying in addition to DynamicForward. This feature would be implemented to SSH client. It seems a common practice to use Redsocks and OpenSSH dynamic port forwarding to achieve transparent proxying. I'd like to see direct support for transparent proxy in ssh to avoid the complexity of setting up multiple daemons for a single job....

...ceptions. > > This will be useful if the point is to get to a web site only only > the remote machine can connect to, but all the browser code/plugins > will be the local ones. If this is actually something you want to do with regularity, I suggest using the SSH SOCKS proxy (with the DynamicForward port), and configure Firefox to use the localhost:port as a SOCKS5 proxy. Then all traffic in firefox will be routed over the ssh connection. It won't break SNI and for the most part, everything will work in firefox as if you were connecting from the remote side of the connection. It works w...

Hi I have a daemon application that binds and listens on a TCP socket. To add security, I'd like to embed ssh/sshd in my application to handle the encryption and authentication for me. How do you suggest I go about it? Regards, Jaco -- "The future belongs to those who believe in their dreams." -- Nelson Mandela

...stable. This means that it is possible to set different negations with respect to the "direct" patterns: Host my host SendEnv !* The example above just disables sending any environment variable. The patch is straightforward and might be adapted to other similar cases (LocalForward, DynamicForward, IdentityFile, and RemoteForward as pointed out by Joe Wells). -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.

..._config 5 , then the backgrounded master connection will automatically terminate after it has remained idle (with no client connections) for the -specified time. +specified time. If the time is 0, then the backgrounded master connection +will stay indefinitely (like if set to +.Dq yes +). .It Cm DynamicForward Specifies that a TCP port on the local machine be forwarded over the secure channel, and the application What do you think of that ? Of course, it would also be a good idea to change the behaviour and exits as soon as the last client exits. I tried to change the code in this way, but there is a...

...lt;dirent.h> +#include <setjmp.h> +#include <signal.h> #ifdef HAVE_LIMITS_H # include <limits.h> --- readconf.c.OK Wed Oct 3 19:39:39 2001 +++ readconf.c Sat Jan 26 21:44:35 2002 @@ -115,7 +115,8 @@ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, - oClearAllForwardings, oNoHostAuthenticationForLocalhost + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oConnectTimeout } OpCodes; /* Textual representations of the tokens...

http://bugzilla.mindrot.org/show_bug.cgi?id=1285 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|no way to override SendEnv |provide fallback options |directive in |/etc/ssh/ssh_config