is openssh going to ever contain socks4/5 proxy support (http://www.socks.nec.com/) the same way ssh (nonfree version) does? Without this support, openssh is completely unusable behind a firewall. Hayden A. James
On Mon, Sep 25, 2000 at 07:46:21AM -0400, Hayden James wrote:> is openssh going to ever contain socks4/5 proxy support > (http://www.socks.nec.com/) the same way ssh (nonfree version) does? > Without this support, openssh is completely unusable behind a firewall.you can always write a proxy for 'ProxyCommand' or use runsocks.
I have successfully followed the instructions at the NEC socks site to
socksify openssh. I did it as follows:
- Compile and install libsocks
- Configure openssh as normal
- Edit Makefile and change CFLAGS to include -DSOCKS,
change LIBS to include -lsocks5
- Edit config.h and add #include <socks.h>
Each compilation unit will complain that certain functions are being
redefined, but the end result will work through socks using the file
/etc/libsocks5.conf as reference. Since runsocks does not exist for AIX I
have found this the easiet and quickest way to get socks support.
Best wishes,
--------------------------------------------------------
Doug Manton, AT&T EMEA Firewall and Security Solutions
demanton at att.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"
>>>>> at Mon, 25 Sep 2000 07:46:21 -0400 >>>>> Hayden James <hjames at stevens-tech.edu> said,> > is openssh going to ever contain socks4/5 proxy support > (http://www.socks.nec.com/) the same way ssh (nonfree version) does? > Without this support, openssh is completely unusable behind a firewall.I have one proxy command which use SOCKS5 or HTTP-proxy (CONNECT). I'm using it every day via SOCKS to login to out-side host from UNIX (BSD/OS) and Windows (CygWin) environments. If you wanna try, get source "connect.c" from http://www.imasy.or.jp/~gotoh/connect.c and compile it. [for UNIX] gcc -o connect connect.c [for Win32 (Visual C)] cl connect.c wsock32.lib You should add entry to use it in ~/.ssh/config, like: [for SOCKS5] Host xxxx ProxyCommand connect -S socks-server %h %p [for HTTP proxy] Host xxxx ProxyCommand connect -H http-server %h %p NOTE: "socks-server" and "htt-server" is proxy hostname on your site. It's very simple. First make connection via SOCKS5 or HTTP-proxy then relaying socket I/O each direction But it is written only for my use. So some functions are lacked. For example SOCKS4 support and USER/PASS authentication support. These are easy to implement, but not yet... I'm welcome your suggestion. --- Regards, Shun-ichi Goto <gotoh at taiyo.co.jp> R&D Group, TAIYO Corp., Tokyo, JAPAN