search for: dynamicforwards

http://bugzilla.mindrot.org/show_bug.cgi?id=1077 Summary: Descriptions for "ssh -D" and DynamicForward should mention they can specify "bind_address" optionally Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority:

...Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: cmirchandani at msn.com The RemoteForward option allows a port to be dynamically assigned if 0 is entered as the port number. It would be helpful if the ssh client could do the same for DynamicForwards and LocalForwards. -- You are receiving this mail because: You are watching the assignee of the bug.

Hiyas, currently the commandline that can be reached via ~C cannot create new DynamicForwards. This is a feature I really miss, therefore it would be nice, if it could be implemented, e.g. -D 12345 should open a new socks proxy on port 12345 on the local machine. Also I want to ask what the status on allowing additional a {Local,Remote,Dynamic}Forward using in combination with ControlM...

On 11/12/20 7:50 AM, Jonathan Billings wrote: > On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote: >> If the point is to access a specific web site only the remote >> machine can get to, you can also do it with port forwarding: >> ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine >> and

Attached (and inline) is a patch to add the following config options: ControlBindMask ControlAllowUsers ControlAllowGroups ControlDenyUsers ControlDenyGroups It pulls the peer credential check from client_process_control() in ssh.c, and expounds upon it in a new function, client_control_grant(). Supplemental groups are not checked in this patch. I didn't feel comfortable taking a shot

When using LocalForward or DynamicForward sometimes the endpoint does no longer exist but I need to find out *which* endpoint exactly. For example: $ ssh -D 1234 server.example.net On the client, maybe in another terminal: $ curl --socks5-hostname localhost:1234 http://does-not-exist.local curl: (97) connection to proxy closed As expected. But on the server (OpenSSH 8.4), the following is

Hi Everyone, I am using openssh 4.0 in a product, which is affected by CVE-2005-2797 (If DynamicForward option is activated, GatewayPorts is also unconditionally enabled). I am trying to backport the fix for this from 4.2 to 4.0. I have been finding the difference between 4.2 and 4.1 and the only change that looks relevant to this bug, to me is the changes made in the file readconf.c with the

Hi I've been looking at a both openssh and couple of commercial SSH implementations(F-Secure and ssh comm.). The one thing I see as missing is the "nice-to-have" feature of FTP specific port forwarding. The commercial implementations allows a syntax of "-L ftp/<someport>:..." which does some "automagical" forwarding of the data channel "under the

A few options appear to be missing from the list in ssh's manual. The one I didn't add is EnableSSHKeysign, whose description implies it is only effective when placed in the system-wide config file. Index: ssh.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.319 diff -u -p -r1.319 ssh.1 --- ssh.1 7 May 2011

On Thu, Nov 12, 2020 at 10:02:57AM -0700, S Bob wrote: > On 11/12/20 7:50 AM, Jonathan Billings wrote: > > If this is actually something you want to do with regularity, I > > suggest using the SSH SOCKS proxy (with the DynamicForward port), and > > configure Firefox to use the localhost:port as a SOCKS5 proxy. Then > > all traffic in firefox will be routed over the ssh

Here is the version of this patch for the last portable version of OpenSSH (3.5p1), as it is not included in the main tree. The patch avoids waiting to long when using ssh() or scp() on a down host, it is usefull when you have to update many hosts via rsync or rdist themselves relying upon ssh(). It enables a new option 'ConnectTimeout' to control exactly the timeout value, so that it can

If the point is to access a specific web site only the remote machine can get to, you can also do it with port forwarding: ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine and then locally run any browser, and access https://localhost:443 (assuming it's https. If it's plain http, use "http" and 80). Note that you'll be breaking some aspects of https

ssh client has the ability to set the destination of debug logs via the `-E` flag. ssh_config lacks an equivalent keyword to set the same option via configs. This patch follows the same semantics of other `*Path` type keywords and creates a new ssh_config keyword `LogPath`. [0] Bugzilla: https://bugzilla.mindrot.org/show_bug.cgi?id=3683 [1] GitHub PR:

Here are the new versions of this widely used patch for OpenSSH 3.2.2p1 and 3.2.3p1. The patch avoids waiting to long when using ssh() or scp() on a down host, it is usefull when you have to update many hosts via rsync or rdist themselves relying upon ssh(). It enables a new option 'ConnectTimeout' to control exactly the timeout value, so that it can be used even on slow links. These

https://bugzilla.mindrot.org/show_bug.cgi?id=2526 Bug ID: 2526 Summary: Support for transparent proxying Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Thu, Nov 12, 2020 at 12:56:15PM +0000, Bernstein, Noam CIV USN NRL (6393) Washington DC (USA) via CentOS wrote: > > If the point is to access a specific web site only the remote > machine can get to, you can also do it with port forwarding: > ssh -L 8000:ip_of_web_site_to_access_from_remote:443 remote_machine > and then locally run any browser, and access >

Hi I have a daemon application that binds and listens on a TCP socket. To add security, I'd like to embed ssh/sshd in my application to handle the encryption and authentication for me. How do you suggest I go about it? Regards, Jaco -- "The future belongs to those who believe in their dreams." -- Nelson Mandela

https://bugzilla.mindrot.org/show_bug.cgi?id=1285 Flavio Poletti <flavio at polettix.it> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |flavio at polettix.it --- Comment #8 from Flavio Poletti <flavio at polettix.it> --- Created attachment

Hi, While testing the ControlPersist option (which is very useful by the way, thank you), I find out that setting it to 0 has the same behaviour as setting it to yes, while I would have expected to exit as soon as the last client exits. I'd like to make this behaviour clear, I think it should be documentated in the man page for example like this: $ cvs diff -u ssh_config.5 Index:

The attached patch adds a new 'ConnectTimeout' option (man page updated in patch) to avoid wasting time when the target host is down. I needed that because I was using rsync/rdist over ssh for massive files update and the default connect() took too long for my purpose. The patch was tested on Linux only, but I used a similar one for ssh 1.2.XX on Linux, Solaris and HP-UX without