search for: 25thandclement

I've updated the streamlocal patch for OpenSSH 4.4p1. http://www.25thandclement.com/~william/projects/streamlocal.html This patch allows for local and remote forwards, to and from Unix domain sockets. Simply specify the socket path, enclosed within squares braces (i.e. -L[/tmp/.s.PGSQL.5432]:[/tmp/.s.PGSQL.5432]) as the origin and/or destination of the -R and -L switches. Thi...

Hello, there is a patch which allows redirecting UNIX domain sockets here: http://www.25thandclement.com/~william/projects/streamlocal.html<http://www.25thandclement.com/%7Ewilliam/projects/streamlocal.html> We really need it in our institution. It's for OpenSSH 4.4 but I managed to adopt it for 4.7p1 included in Ubuntu 8.04. http://v6sa.itcollege.ee/shared/patches/openssh-4.7p1-stream...

I'll be maintaining the streamlocal patch(s)--which teach(es) OpenSSH to forward local and remote domain sockets--here: http://www.25thandclement.com/~william/projects/streamlocal.html - Bill

...thentication/encryption scheme. My specific use case is to securely forward the domain socket used to connect the Tor daemon and it's GUI controller, Vidalia. This way I could elegantly control the Tor daemon running on a headless server on my desktop. A patch for OpenSSH4.7 is here: http://www.25thandclement.com/~william/projects/streamlocal.html -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

Hello, There is one option I would love to see with OpenSSH: generic Unix socket forwarding. Something like that: $ ssh -L /tmp/pulse-2L9K88eMlGn7/native:/tmp/pulse-42 remotehost (and the same with -R) The code should already be here, since OpenSSH already implements two specific cases of Unix socket forwarding: X11 and SSH agent forwarding. Having an option for generic Unix socket

...sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@ -- You are receiving this mail because: You are watching the assignee of the bug.

Hi, I've been planning to develop a support for tunneling between "local_tcp => server_AF_UNIX". This way, every user of server machine, can have: 1. personal address space (if socket is located on personal directory). Currently one must check assigned local port every time starting a server (e.g. vncserver), and redirect a local port to "random" remote port. 2. Added

I am having an issue passing a command through ssh which uses an environment variable. I would like the environment variable to be read from the remote host, but it is being read from the local host. For instance: ssh rhost ls -lm $WWW_HOME $WWW_HOME is set as /usr/www on local but /var/www on the remote so it is being read as : ssh rhost ls -lm /usr/www and I'd like it to be ssh rhost

http://25thandclement.com/~william/openssh-4.3p2-streamlocal-20060421.patch The above URL is a complete patch to OpenSSH 4.3p2 to implement unix domain socket forwarding (this supercedes a canceled message I sent last night w/ an inline attachment). Basically, for forward and reverse forwardings anywhere you previously...

Hello, At work we have an internal application that implements a proxy. It works by counting the number of connections per IP address and using this to enforce usage limits (i.e. not more than X connections from a given IP). The important thing for us is a unique IP per client. We have this implemented where each client first authenticates through OpenVPN and is assigned a unique IP

https://bugzilla.mindrot.org/show_bug.cgi?id=1572 Summary: accept SOCKS requests over the mux socket in master mode Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs

In realpath.c at line 182 left_len = strlcat(symlink, left, sizeof(left)); should be left_len = strlcat(symlink, left, sizeof(symlink)); It's a benign issue because both arrays are the same size. And I can't imagine that ever changing. But it's inconsistent, not to mention throwing compiler warnings on OS X.

has anybody worked with support for the ibutton? i've come across keymgr (http://www.rcpt.to/keymgr/), but it seems to be dead (or playing possum). i've also come across ramblings about integrating ibutton support into openssl, but i dunno how pertinent that is, or even whether the work still exists. i just want to get rid of my passwds (or lock them up in a safe), and the ibutton seems

I'm creating a patch to support Unix domain socket forwarding. I hadn't intended to initally support specifying remote Unix domain sockets (#ifdef'd that code out in the parse_forward() work), but now that I've gotten as far as channel_setup_fwd_listener() it seems like it makes sense to add the support now, rather than later. Any comments on adding to channels.h the following (w/

About two months ago I sent out a patch which provided for a list of users allowed to access a master control socket (rather than the current self or root). Did anybody look at it? Was there any interest? Does it need tweaking? I could think of many uses for it, and I hate to see it linger. - Bill

RFC 4254 says, in regards to the "tcpip-forward" request message: Section 7.1 ... If a client passes 0 as port number to bind and has 'want reply' as TRUE, then the server allocates the next available unprivileged port number and replies with the following message; otherwise, there is no response-specific data. byte SSH_MSG_REQUEST_SUCCESS uint32 port that was bound

I'm merging my "streamlocal" unix domain socket forwarding patch into 4.4p1 (or rather 20060926 SNAP) and I gather that the ExitOnForwardFailure capability only works for protocol 1.0. Am I misreading things? I was really looking forward to that feature. I noticed when I began fixing a merge reject in channel_request_remote_forwarding(). - Bill

I'm having trouble tracking down why it leaks, but below is an example program which shows--using valgrind--that vorbis_info_clear() leaks memory if called before vorbis_dsp_clear(), but not if called after vorbis_dsp_clear(). Just compile and run under valgrind, using the -l switch to the example program to trigger a leak. Tested under OS X 10.7 and Ubuntu 12.04. This may be by design, or

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot