search for: gateway_port

...46,8 +2147,7 @@ char ntop[NI_MAXHOST], strport[NI_MAXSERV]; success = 0; - host = (type == SSH_CHANNEL_RPORT_LISTENER) ? - listen_addr : host_to_connect; + host = host_to_connect; if (host == NULL) { error("No forward host name."); @@ -2167,7 +2167,8 @@ hints.ai_flags = gateway_ports ? AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", listen_port); - if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) + if (getaddrinfo (listen_addr==NULL?NULL:strlen(listen_addr)>0?listen_addr:NULL, + strport, &hints, &am...

...se SSH_CHANNEL_X11_LISTENER: case SSH_CHANNEL_PORT_LISTENER: + case SSH2_CHANNEL_PORT_LISTENER: case SSH_CHANNEL_CLOSED: case SSH_CHANNEL_AUTH_SOCKET: continue; @@ -1449,7 +1550,8 @@ void channel_request_local_forwarding(u_short port, const char *host, - u_short host_port, int gateway_ports) + u_short host_port, int gateway_ports, + int ssh2_remote_fwd) { int success, ch, sock, on = 1; struct addrinfo hints, *ai, *aitop; @@ -1512,7 +1614,8 @@ } /* Allocate a channel number for the socket. */ ch = channel_new( - "port listener", SSH_CHANNEL_PORT_LI...

...1/channels.c Thu Oct 11 20:35:05 2001 +++ openssh-3.0.2p1-NewFeature/channels.c Sat Jan 5 15:36:10 2002 @@ -2057,11 +2057,11 @@ * channel to host:port from remote side. */ int -channel_request_local_forwarding(u_short listen_port, const char *host_to_connect, - u_short port_to_connect, int gateway_ports) +channel_request_local_forwarding(const char *listen_host, u_short listen_port, + const char *host_to_connect, u_short port_to_connect, int gateway_ports) { return channel_request_forwarding( - NULL, listen_port, + listen_host, listen_port, host_to_connect, port_to_connect,...

Heya, I'm trying to convince my company to use OpenSSH instead of the commercial SSH version. I need a little help: 1. What features does OpenSSH offer over commercial SSH (besides being free and open source of course)? 2. Our lawyers want details on the licensing / patents stuff. I have the high level details from the OpenSSH page. I need the nitty gritty like RSA patent# and

...d to use channel type SSH2_CHANNEL_PORT_LISTENER (when someone + * connects to the listening socket we know to send "forwarded-tcpip" message + * instead of "direct-tcpip"). + */ void channel_request_local_forwarding(u_short port, const char *host, - u_short host_port, int gateway_ports) + u_short host_port, int gateway_ports, int ssh2_remote_fwd) { int success, ch, sock, on = 1; struct addrinfo hints, *ai, *aitop; @@ -1482,7 +1620,8 @@ } /* Allocate a channel number for the socket. */ ch = channel_new( - "port listener", SSH_CHANNEL_PORT_LISTENER...

...char *subsystem_command[MAX_SUBSYSTEMS]; + int check_max_startups; int max_startups_begin; int max_startups_rate; int max_startups; --- servconf.c 2002/05/29 03:49:54 1.1 +++ servconf.c 2002/05/29 03:54:09 @@ -112,6 +112,7 @@ options->protocol = SSH_PROTO_UNKNOWN; options->gateway_ports = -1; options->num_subsystems = 0; + options->check_max_startups = -1; options->max_startups_begin = -1; options->max_startups_rate = -1; options->max_startups = -1; @@ -228,6 +229,8 @@ options->allow_tcp_forwarding = 1; if (options->gateway_ports == -1) option...

...e private unless "-g" + * or "-o 'GatewayPorts yes'" is specified when "ssh" is + * started) are [ab]usable by any host which has a route + * to/from the this host. */ memset(&hints, 0, sizeof(hints)); hints.ai_family = IPv4or6; hints.ai_flags = gateway_ports ? AI_PASSIVE : 0; hints.ai_socktype = SOCK_STREAM; snprintf(strport, sizeof strport, "%d", listen_port); - if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) + if (getaddrinfo(gateway_ports ? NULL : "127.0.0.1", strport, &hints, &aitop) != 0) packet_dis...

...ate that the port forwarding failed. Here is the patch: --- serverloop.c.orig Sat Feb 22 11:35:39 2003 +++ serverloop.c Sat Feb 22 11:19:29 2003 @@ -989,6 +989,9 @@ /* Start listening on the port */ success = channel_setup_remote_fwd_listener( listen_address, listen_port, options.gateway_ports); + if( !success ){ + fatal("Cannot bind to the remote port"); + } } xfree(listen_address); } And, here is the commandline that I used to initiate the connection: while :; do ssh -N -R 5000:localhost:5000 user at remotesystem sleep 10 don...

...ification."); - goto out; - } - if ((fwd_port = a2port(sfwd_port)) == 0 || - (fwd_host_port = a2port(sfwd_host_port)) == 0) { - logit("Bad forwarding port(s)."); - goto out; - } - if (local) { - if (channel_setup_local_fwd_listener(fwd_port, buf, - fwd_host_port, options.gateway_ports) < 0) { + if (socks){ + if ( (sscanf(s, "%5[0-9]", sfwd_port)) != 1) { + logit("Bad forwarding port."); + goto out; + } + + fwd_port = a2port(sfwd_port); + if (channel_setup_local_fwd_listener(fwd_port, "socks", + 0, options.gateway_ports) < 0) {...

http://bugzilla.mindrot.org/show_bug.cgi?id=413 ------- Additional Comments From dtucker at zip.com.au 2005-01-24 14:27 ------- Created an attachment (id=782) --> (http://bugzilla.mindrot.org/attachment.cgi?id=782&action=view) forward-bind.sh: regression test for binding port forwards to addresses Current limitations of test: - no testing of IPv6 - no testing of backwards compat

Hi! Here is the patch to support tcp wrappers with x11-forwarded connections. The patch is for openssh-3.0.1p1 but it works fine with 2.9.9p2 too. I've understood that this will not be included in the official version because it adds complexity (?!) to openssh. Binding the forwarded port to localhost doesn't solve all problems. I've understood that you should also implement

...le value for the DISPLAY variable, or NULL if an error - * occurs. + * Returns a suitable display number for the DISPLAY variable, or -1 if + * an error occurs. */ -char * -x11_create_display_inet(int screen_number, int x11_display_offset) +int +x11_create_display_inet(int x11_display_offset, int gateway_ports) { int display_number, sock; u_short port; struct addrinfo hints, *ai, *aitop; char strport[NI_MAXSERV]; int gaierr, n, num_socks = 0, socks[NUM_SOCKS]; - char display[512]; - char hostname[MAXHOSTNAMELEN]; for (display_number = x11_display_offset; display_number < MAX_DISP...

...+void +channel_input_port_open_loud(int type, u_int32_t seq, void *ctxt) +{ + channel_input_port_open(type, seq, ctxt, 1); +} + /* -- tcp forwarding */ @@ -2209,6 +2229,8 @@ port); #endif /* Initiate forwarding */ + log("TCP forwarding listening on port %d %s", port, + gateway_ports ? "open" : "private"); channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); /* Free the argument string. */ @@ -2227,10 +2249,31 @@ all_opens_permitted = 1; } +/* + * If the server-wide configuration specifies some permitted_opens + * then don...

...tening to the port 9000. Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN I've checked the code and the only use of the "gateway_ports" variable is when calling the getaddrinfo function (inside channel_request_local_forwarding). The right behaviour should be to deny the port fordwarding request, shouldn't it? Any help? BTW, I'm using openssh-2.2.0p1 on Linux (RedHat). Thanks in advance, Jose _______________...

...mbia email: siegert at sfu.ca Canada V5A 1S6 ======================================================================== --- openssh-3.0.2p1/readconf.c.orig Wed Jan 23 19:44:13 2002 +++ openssh-3.0.2p1/readconf.c Wed Jan 23 19:44:45 2002 @@ -822,7 +822,7 @@ if (options->gateway_ports == -1) options->gateway_ports = 0; if (options->use_privileged_port == -1) - options->use_privileged_port = 0; + options->use_privileged_port = 1; if (options->rhosts_authentication == -1) options->rhosts_authentication = 1; if (options->rsa_authentication == -1)

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

...include "kex.h" #include "mac.h" +#include "channels.h" static void add_listen_addr(ServerOptions *, char *, u_short); static void add_one_listen_addr(ServerOptions *, char *, u_short); @@ -236,6 +237,7 @@ options->allow_tcp_forwarding = 1; if (options->gateway_ports == -1) options->gateway_ports = 0; + channel_fix_permitted_opens(); if (options->max_startups == -1) options->max_startups = 10; if (options->max_startups_rate == -1) @@ -297,7 +299,7 @@ sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, sStrictModes, sEmptyPasswd, sKee...

...nf.c,v 1.50 2000/07/22 09:14:36 markus Exp $"); #include "ssh.h" +#include "entropy.h" #include "servconf.h" #include "xmalloc.h" #include "compat.h" @@ -162,6 +163,8 @@ options->protocol = SSH_PROTO_1|SSH_PROTO_2; if (options->gateway_ports == -1) options->gateway_ports = 0; + if (ssh_prng_command_file == NULL) + ssh_prng_command_file = xstrdup(SSH_PRNG_COMMAND_FILE); if (options->max_startups == -1) options->max_startups = 10; if (options->max_startups_rate == -1) @@ -187,7 +190,7 @@ #endif sPasswordAuthent...