Hi all
I was thinking maybe other ppl need this small hack :)
So ssh supports ProxyCommand which use a separate proccess
for in/out chans to remote sshd. But sometimes this extra proc
is not desired but ssh should use a specific socket (in
below patch is fd 3 and 4) for same thing.. For example a reverse ssh
connection where sshd connects back to ssh(which is executed by a
a script that binds to the port then execute ssh:
on sshd side:
$ nc -w 60 -c '/usr/sbin/sshd -i' ssh_host 12345
on ssh side:
#!/usr/bin/perl
use Socket qw(:all);
our $bind_port = 12345;
our $bind_addr = "0";
$^F = 5;
socket(my $sfd, AF_INET, SOCK_STREAM, 6) || die "socket: $!";
bind($sfd, sockaddr_in($bind_port, inet_aton $bind_addr)) || die "bind:
$!";
listen($sfd,SOMAXCONN) || die "listen: $!";
accept (Cfd,$sfd);
close $sfd;
open 3,"<&Cfd";
open 4,"<&Cfd";
if(! grep fileno(Cfd) == $_,(3,4)) { close Cfd;}
exec {ssh} qw(ssh -D2085 -oProxyCommand=:socket: user at sshd_host);
So if you pass -oProxyCommand=:socket: to ssh it will not make a new child
but use those 2 fd.
diff -rNu openssh-4.5p1/sshconnect.c openssh-4.5p1-ssh-socket/sshconnect.c
--- openssh-4.5p1/sshconnect.c 2006-10-23 20:02:24.000000000 +0300
+++ openssh-4.5p1-ssh-socket/sshconnect.c 2007-01-16
14:06:31.000000000 +0200
@@ -310,8 +310,14 @@
debug2("ssh_connect: needpriv %d", needpriv);
/* If a proxy command is given, connect using it. */
- if (proxy_command != NULL)
- return ssh_proxy_connect(host, port, proxy_command);
+ if (proxy_command != NULL) {
+ if(strcmp(proxy_command,":socket:"))
+ return ssh_proxy_connect(host, port, proxy_command);
+ else {
+ packet_set_connection(3, 4);
+ return 0;
+ }
+ }
/* No proxy command. */
