Jö Fahlke
2018-Feb-20 14:31 UTC
Is there socksify script for dynamics forwardings to unix domain sockets?
Hi! I noticed that `ssh -D /tmp/socket $myhost` will actually provide a socks server listing on the unix domain socket /tmp/socket (this does not appear to be documented, though it is semi-documented for -L and -R). Do you know of any "socksification" script to go along with it, in the spirit of tsocks of socksify (from dante)? Those do not seem to support socks servers running on unix domain sockets. My ultimate goal is to use a web browser and various impi-utilities socksified so I can access a management network behind a login host that itself is accessible via ssh. Those tools only support IP-based SOCKS-servers at best. And I'd like to not have an open SOCKS-server running on localhost, if possible. MfG, Jorrit Fahlke- -- Jorrit (J?) Fahlke, Institute for Computational und Applied Mathematics, University of M?nster, Orleans-Ring 10, D-48149 M?nster Tel: +49 251 83 35146 Fax: +49 251 83 32729 A mathematician is a device to turn coffee into theorems. -- Paul Erd?s -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180220/ec222b85/attachment.asc>
Carson Gaspar
2018-Feb-20 22:33 UTC
Is there socksify script for dynamics forwardings to unix domain sockets?
On 2/20/2018 9:31 AM, J? Fahlke wrote:> Do you know of any "socksification" script to go along with it, in the spirit > of tsocks of socksify (from dante)? Those do not seem to support socks > servers running on unix domain sockets.There's a patch attached to https://bugzilla.mindrot.org/show_bug.cgi?id=1572 that adds UDS support to dsocks-1.6
Dan Kaminsky
2018-Feb-21 07:13 UTC
Is there socksify script for dynamics forwardings to unix domain sockets?
Whoa. That's pretty cool. Empirically, how well do LD_PRELOAD scripts work in grabbing all socket calls? On Tue, Feb 20, 2018 at 6:31 AM, J? Fahlke <jorrit at jorrit.de> wrote:> Hi! > > I noticed that `ssh -D /tmp/socket $myhost` will actually provide a socks > server listing on the unix domain socket /tmp/socket (this does not appear > to > be documented, though it is semi-documented for -L and -R). > > Do you know of any "socksification" script to go along with it, in the > spirit > of tsocks of socksify (from dante)? Those do not seem to support socks > servers running on unix domain sockets. > > My ultimate goal is to use a web browser and various impi-utilities > socksified > so I can access a management network behind a login host that itself is > accessible via ssh. Those tools only support IP-based SOCKS-servers at > best. > And I'd like to not have an open SOCKS-server running on localhost, if > possible. > > MfG, > Jorrit Fahlke- > > -- > Jorrit (J?) Fahlke, Institute for Computational und Applied Mathematics, > University of M?nster, Orleans-Ring 10, D-48149 M?nster > Tel: +49 251 83 35146 Fax: +49 251 83 32729 > > A mathematician is a device to turn coffee into theorems. > -- Paul Erd?s > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > >
Jö Fahlke
2018-Feb-21 11:00 UTC
Is there socksify script for dynamics forwardings to unix domain sockets?
Am Di, 20. Feb 2018, 23:13:16 -0800 schrieb Dan Kaminsky:> Date: Tue, 20 Feb 2018 23:13:16 -0800 > From: Dan Kaminsky <dan at doxpara.com> > To: J? Fahlke <jorrit at jorrit.de> > Cc: openssh-unix-dev at mindrot.org > Subject: Re: Is there socksify script for dynamics forwardings to unix > domain sockets? > > Whoa. That's pretty cool. > > Empirically, how well do LD_PRELOAD scripts work in grabbing all socket > calls?Good point, I did not check that before, so I tried now (with tsocks on Debian stretch and the "ssh -D" socks port on a random port on localhost) and got mixed results. Generally, anything name-lookup related does not seem to work and I have to use IP addresses. - ipmiconsole did not work with tsocks, the connection simply times out. No idea why, and not a big deal, as it is console-based I can ssh into the login host and use it from there. - chromium did not work at all. (I get "This site can?t be reached"/"10.xx.xx.xx unexpectedly closed the connection."/ERR_CONNECTION_CLOSED) I heard somewhere that it uses AppArmor or something, so maybe that is interfering. - firefox works well, even to the point where I get graphical remote KVM, despite the management web-interfaces's warning that it is supposedly missing some features required for that. Regards, J?. -- Jorrit (J?) Fahlke, Institute for Computational und Applied Mathematics, University of M?nster, Orleans-Ring 10, D-48149 M?nster Tel: +49 251 83 35146 Fax: +49 251 83 32729 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180221/6120d044/attachment.asc>