search for: host_port

Hi, It looks like remote forwarding with SSH v2 is not working on my Solaris machines (and from what I understand from the source, it may not work elsewhere either). When looking at channel_post_port_listener() in channels.c, I found that nextstate was defined as : nextstate = (c->host_port == 0) ? SSH_CHANNEL_DYNAMIC : SSH_CHANNEL_OPENING; And later comes the call : if (nextstate != SSH_CHANNEL_DYNAMIC) port_open_helper(nc, rtype); It turns out that on the server-side, for a channel type of SSH_CHANNEL_RPORT_LISTENER, c->host_port is 0 and therefore, per the above co...

...s].host_to_connect = xstrdup(host_to_connect); permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; permitted_opens[num_permitted_opens].listen_port = listen_port; @@ -2335,7 +2338,7 @@ #endif /* Initiate forwarding */ - channel_setup_local_fwd_listener(port, hostname, host_port, gateway_ports); + channel_setup_local_fwd_listener(NULL, port, hostname, host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); diff -u -r openssh-3.8p1/channels.h openssh-3.8p1-localbind/channels.h --- openssh-3.8p1/channels.h 2003-10-01 23:17:00.000000000 -0700 +++ ope...

...ason the original script didn't work using /bin/sh, but it did with /bin/bash, so I changed that too). *#!/bin/bash* # used some from advanced script to have multiple ports: use an equal number of guest and host ports Guest_name=xxxxxxx Guest_ipaddr=xxx.xxx.xxx.xx *Host_ipaddr=xxx.xxx.xxx.xx* Host_port=( '80' '443' ) Guest_port=( '80' '443' ) length=$(( ${#Host_port[@]} - 1 )) if [ "${1}" = "${Guest_name}" ]; then if [ "${2}" = "stopped" -o "${2}" = "reconnect" ]; then for i in `seq 0 $length`; d...

...hange the script >> to as follows. (Changes are highlighted. For some reason the original >> script didn't work using /bin/sh, but it did with /bin/bash, so I >> changed that too). > > I don't know for sure, but my guess is that this line: > > length=$(( ${#Host_port[@]} - 1 )) Correct - that line is a bashism, and is not portable when /bin/sh is dash. > > which was added by vgerris in order to support forwarding of multiple > ports, could be what's causing the incompatibility (that wasn't in the > original, simpler version of the script,...

...t to true if user is root. */ + /* * Size of the channel array. All slots of the array must always be * initialized (at least the type field); unused slots are marked with type @@ -608,13 +610,17 @@ "connect from %.200s port %d", c->listening_port, c->path, c->host_port, remote_hostname, remote_port); - newch = channel_new("direct-tcpip", + newch = channel_new((c->type == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip" : "direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_ma...

...ch your actual VM Name. # In order to create rules to other VMs, just duplicate the below block and configure # it accordingly. if [ "${1}" = "testy" ]; then      # Update the following variables to fit your setup    GUEST_IP='10.128.10.100'    GUEST_PORT='22'    HOST_PORT='2588'      if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then         /sbin/iptables -D FORWARD -o virbr0 -d  $GUEST_IP -j ACCEPT         /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT    fi...

...og who + * tried to forward ports. + */ + /* * Maximum file descriptor value used in any of the channels. This is * updated in channel_allocate. @@ -581,13 +587,20 @@ "connect from %.200s port %d", c->listening_port, c->path, c->host_port, remote_hostname, remote_port); - newch = channel_new("direct-tcpip", + /* Jarno: If the channel is SSH2 port listener (server) then send + * forwarded-tcpip message. + */ + newch = channel_new( (c->type == SSH2_CHANNEL_PORT_LISTENER) ? + "forwarded-tcpip...

...as follows. (Changes are highlighted. For some reason the original > >> script didn't work using /bin/sh, but it did with /bin/bash, so I > >> changed that too). > > > > I don't know for sure, but my guess is that this line: > > > > length=$(( ${#Host_port[@]} - 1 )) > > Correct - that line is a bashism, and is not portable when /bin/sh is dash. > > > > > which was added by vgerris in order to support forwarding of multiple > > ports, could be what's causing the incompatibility (that wasn't in the > > original...

...c->self, p, + len); + len++; /* trailing '\0' */ + if (len > have) + fatal("channel %d: decode socks4a: len %d > have %d", + c->self, len, have); + strlcpy(c->path, p, sizeof(c->path)); + buffer_consume(&c->input, len); + } c->host_port = ntohs(s4_req.dest_port); debug2("channel %d: dynamic request: socks4 host %s port %u command %u", - c->self, host, c->host_port, s4_req.command); + c->self, c->path, c->host_port, s4_req.command); if (s4_req.command != 1) { debug("channel %d: canno...

..._post_port_listener(Channel *c, f } remote_hostname = get_remote_hostname(newsock); remote_port = get_peer_port(newsock); +#ifdef LIBWRAP + { + char fwd[80]; + void (*sigch) (int); + int res; + struct request_info req; + + snprintf(fwd, sizeof(fwd), "sshdfwd-%d", c->host_port); + request_init(&req, RQ_DAEMON, fwd, RQ_FILE, newsock, NULL); + fromhost(&req); + sigch = signal(SIGCHLD, SIG_DFL); + res = hosts_access(&req); + signal(SIGCHLD, sigch); + if (!res) { + packet_send_debug("refused forwarded connection from %.500s to local port %d.&q...

...t;pw_name,password,UWIN_TOKCLOSE)!=0); + #endif #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; *** readconf.c.orig Mon Feb 04 20:26:35 2002 --- readconf.c Thu May 30 16:55:00 2002 *************** *** 200,206 **** u_short host_port) { Forward *fwd; ! #ifndef HAVE_CYGWIN extern uid_t original_real_uid; if (port < IPPORT_RESERVED && original_real_uid != 0) fatal("Privileged ports can only be forwarded by root."); --- 200,206 ---- u_short host_port) { Forward *fwd; ! #if !defined(HA...

...if (getaddrinfo(listen_host, strport, &hints, &aitop) != 0) packet_disconnect("getaddrinfo: fatal error"); for (ai = aitop; ai; ai = ai->ai_next) { @@ -2259,7 +2260,7 @@ port); #endif /* Initiate forwarding */ - channel_request_local_forwarding(port, hostname, host_port, gateway_ports); + channel_request_local_forwarding(NULL, port, hostname, host_port, gateway_ports); /* Free the argument string. */ xfree(hostname); diff -ru openssh-3.0.2p1/channels.h openssh-3.0.2p1-NewFeature/channels.h --- openssh-3.0.2p1/channels.h Sun Nov 11 18:04:55 2001 +++ openssh-3...

...order to create rules to other VMs, just duplicate the below block and configure ># it accordingly. >if [ "${1}" = "testy" ]; then >  >   # Update the following variables to fit your setup >   GUEST_IP='10.128.10.100' >   GUEST_PORT='22' >   HOST_PORT='2588' >  >   if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then >        /sbin/iptables -D FORWARD -o virbr0 -d  $GUEST_IP -j ACCEPT >        /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$G...

...st duplicate the below block > and configure > ># it accordingly. > >if [ "${1}" = "testy" ]; then > > > > # Update the following variables to fit your setup > > GUEST_IP='10.128.10.100' > > GUEST_PORT='22' > > HOST_PORT='2588' > > > > if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then > > /sbin/iptables -D FORWARD -o virbr0 -d $GUEST_IP -j ACCEPT > > /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j &gt...

Using OpenSSH_2.9p2 on Linux and Sparc Solaris. Trying to connect from Linux to Solaris, with remote port-forwarding i.e. On Linux, ssh -R 3000:Linux:23 Solaris The connection is established okay, but the port-forwarding does not work; on Solaris, the connection to localhost port 3000 is accepted, but it appears as if no data makes it back to port 23 on Linux. If an older 1.2.30 sshd is used

Hi all, I'm using openssh-2.9p2 on Solaris 2.8. I can get remote port forwarding to work using the -R flag, but only with ssh protocol 1 not ssh protocol 2. I've read that remote forwarding protocol 2 was not supported in earlier versions of openssh, but I'm wondering if this is still the case. Jarno Huuskonen [Jarno.Huuskonen at uku.fi], posted a patch in 2000 to add support for

...el number for the socket. */ c = channel_new("port listener", type, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_port = listen_port; success = 1; } if (success == 0) error("channel_setup_fwd_listener: cannot listen to port: %d", listen_port); freeaddrinfo(aitop); ret...

...+908,34 @@ channel_decode_socks4(Channel *c, fd_set strlcpy(username, p, sizeof(username)); buffer_consume(&c->input, len); buffer_consume(&c->input, 1); /* trailing '\0' */ - host = inet_ntoa(s4_req.dest_addr); - strlcpy(c->path, host, sizeof(c->path)); c->host_port = ntohs(s4_req.dest_port); + + /* check for socks4a vs socks4 */ + if (0 == (s4_req.dest_addr.s_addr & htonl(IN_CLASSC_NET))) { + /* + * is client using socks4a? if the first three octets of the IP + * are zero, ie 0.0.0.1, then we get the host name from after user + */ + have = buffe...

...s is the case on the server * on which we have to trust the client anyway, and the user could do @@ -1972,7 +1978,7 @@ } void -channel_input_port_open(int type, u_int32_t seq, void *ctxt) +channel_input_port_open(int type, u_int32_t seq, void *ctxt, int loud) { Channel *c = NULL; u_short host_port; @@ -1989,6 +1995,8 @@ originator_string = xstrdup("unknown (remote did not supply name)"); } packet_check_eom(); + if (loud) + log("TCP forwarding connection to %s port %d", host, host_port); sock = channel_connect_to(host, host_port); if (sock != -1) { c = chann...