Hi, i have written a patch for openSSH 5.8p2 which allows the user to
set the local source port. The patch is as follows:
diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c
--- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000
+++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100
@@ -125,7 +125,7 @@ typedef enum {
oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
- oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
+ oHostKeyAlgorithms, oBindAddress, oBindPort, oPKCS11Provider,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -210,6 +210,7 @@ static struct {
{ "preferredauthentications", oPreferredAuthentications },
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
+ { "bindport", oBindPort },
#ifdef ENABLE_PKCS11
{ "smartcarddevice", oPKCS11Provider },
{ "pkcs11provider", oPKCS11Provider },
@@ -634,6 +635,10 @@ parse_string:
charptr = &options->bind_address;
goto parse_string;
+ case oBindPort:
+ charptr = &options->bind_port;
+ goto parse_string;
+
case oPKCS11Provider:
charptr = &options->pkcs11_provider;
goto parse_string;
@@ -1133,6 +1138,7 @@ initialize_options(Options * options)
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->preferred_authentications = NULL;
options->bind_address = NULL;
+ options->bind_port = NULL;
options->pkcs11_provider = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
diff -rupN openssh-5.8p2//readconf.h openssh-5.8p2-srcport//readconf.h
--- openssh-5.8p2//readconf.h 2010-11-20 04:19:38.000000000 +0000
+++ openssh-5.8p2-srcport//readconf.h 2011-07-17 19:23:57.797387390 +0100
@@ -89,6 +89,7 @@ typedef struct {
char *user_hostfile2;
char *preferred_authentications;
char *bind_address; /* local socket address for connection to sshd */
+ char *bind_port;
char *pkcs11_provider; /* PKCS#11 provider */
int verify_host_key_dns; /* Verify host key using DNS */
diff -rupN openssh-5.8p2//ssh.0 openssh-5.8p2-srcport//ssh.0
--- openssh-5.8p2//ssh.0 2011-05-05 02:58:10.000000000 +0100
+++ openssh-5.8p2-srcport//ssh.0 2011-07-17 21:00:05.153358189 +0100
@@ -4,7 +4,7 @@ NAME
ssh - OpenSSH SSH client (remote login program)
SYNOPSIS
- ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+ ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-B bind_port
] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
@@ -55,6 +55,10 @@ DESCRIPTION
the connection. Only useful on systems with more than one
address.
+ -B bind_port
+ Use bind_port port on the local machine as the source port of
+ the connection.address.
+
-C Requests compression of all data (including stdin, stdout,
stderr, and data for forwarded X11 and TCP connections). The
compression algorithm is the same used by gzip(1), and the
@@ -215,6 +219,7 @@ DESCRIPTION
AddressFamily
BatchMode
BindAddress
+ BindPort
ChallengeResponseAuthentication
CheckHostIP
Cipher
diff -rupN openssh-5.8p2//ssh.1 openssh-5.8p2-srcport//ssh.1
--- openssh-5.8p2//ssh.1 2010-11-20 04:21:03.000000000 +0000
+++ openssh-5.8p2-srcport//ssh.1 2011-07-17 20:56:13.265387325 +0100
@@ -45,6 +45,7 @@
.Bk -words
.Op Fl 1246AaCfgKkMNnqsTtVvXxYy
.Op Fl b Ar bind_address
+.Op Fl B Ar bind_port
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
.Op Fl e Ar escape_char
@@ -127,6 +128,9 @@ Use
on the local machine as the source address
of the connection.
Only useful on systems with more than one address.
+.It Fl B Ar bind_port
+Use bind_port port on the local machine as the source port of
+the connection.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP connections).
@@ -406,6 +410,7 @@ For full details of the options listed b
.It AddressFamily
.It BatchMode
.It BindAddress
+.It BindPort
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
diff -rupN openssh-5.8p2//ssh.c openssh-5.8p2-srcport//ssh.c
--- openssh-5.8p2//ssh.c 2011-02-04 00:42:15.000000000 +0000
+++ openssh-5.8p2-srcport//ssh.c 2011-07-17 20:15:48.613053886 +0100
@@ -193,7 +193,7 @@ static void
usage(void)
{
fprintf(stderr,
-"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c
cipher_spec]\n"
+"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-B
bind_port ] [-c cipher_spec]\n"
" [-D [bind_address:]port] [-e escape_char] [-F
configfile]\n"
" [-I pkcs11] [-i identity_file]\n"
" [-L [bind_address:]port:host:hostport]\n"
@@ -297,7 +297,7 @@ main(int ac, char **av)
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
+ "AB:CD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
@@ -568,6 +568,9 @@ main(int ac, char **av)
case 'F':
config = optarg;
break;
+ case 'B':
+ options.bind_port = optarg;
+ break;
default:
usage();
}
diff -rupN openssh-5.8p2//ssh_config.0 openssh-5.8p2-srcport//ssh_config.0
--- openssh-5.8p2//ssh_config.0 2011-05-05 02:58:10.000000000 +0100
+++ openssh-5.8p2-srcport//ssh_config.0 2011-07-17 20:50:26.881386898 +0100
@@ -66,6 +66,10 @@ DESCRIPTION
one address. Note that this option does not work if
UsePrivilegedPort is set to ``yes''.
+ BindPort
+ Use bind_port port on the local machine as the source port of the
+ connection.
+
ChallengeResponseAuthentication
Specifies whether to use challenge-response authentication. The
argument to this keyword must be ``yes'' or
``no''. The default
diff -rupN openssh-5.8p2//ssh_config.5 openssh-5.8p2-srcport//ssh_config.5
--- openssh-5.8p2//ssh_config.5 2010-12-26 03:26:48.000000000 +0000
+++ openssh-5.8p2-srcport//ssh_config.5 2011-07-17 20:54:48.829387482 +0100
@@ -143,6 +143,9 @@ Note that this option does not work if
.Cm UsePrivilegedPort
is set to
.Dq yes .
+.It Cm BindPort
+Use the specified port on the local machine as the
+source port of the connection.
.It Cm ChallengeResponseAuthentication
Specifies whether to use challenge-response authentication.
The argument to this keyword must be
diff -rupN openssh-5.8p2//sshconnect.c openssh-5.8p2-srcport//sshconnect.c
--- openssh-5.8p2//sshconnect.c 2011-01-16 12:17:59.000000000 +0000
+++ openssh-5.8p2-srcport//sshconnect.c 2011-07-17 20:19:20.093054511 +0100
@@ -214,7 +214,7 @@ ssh_create_socket(int privileged, struct
fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
+ if (options.bind_address == NULL && options.bind_port == NULL)
return sock;
memset(&hints, 0, sizeof(hints));
@@ -222,7 +222,7 @@ ssh_create_socket(int privileged, struct
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
- gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+ gaierr = getaddrinfo(options.bind_address, options.bind_port, &hints,
&res);
if (gaierr) {
error("getaddrinfo: %s: %s", options.bind_address,
ssh_gai_strerror(gaierr));