search for: num_remote_forward

Hi all, When a client requests dynamic remote forwarding with -R it delays forking into the background. In ssh.c we see if (options.fork_after_authentication) { if (options.exit_on_forward_failure && options.num_remote_forwards > 0) { debug("deferring postauth fork until remote forward " "confirmation received"); } else fork_postauth(ssh); } This seems to depend on forwarding_success() for it to then call fork_postauth. If I'm reading this cor...

...f diff --unified --recursive openssh-2.9.9p2.orig/readconf.c openssh-2.9.9p2.httpsproxy/readconf.c --- openssh-2.9.9p2.orig/readconf.c Thu Oct 18 11:53:43 2001 +++ openssh-2.9.9p2.httpsproxy/readconf.c Thu Oct 18 11:55:48 2001 @@ -789,6 +789,7 @@ options->num_local_forwards = 0; options->num_remote_forwards = 0; options->clear_forwardings = -1; + options->https_proxy = NULL; options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; options->bind_address = NULL; diff --unified --recursive openssh-2.9.9p2.orig/readconf.h openssh-2.9.9p2.httpsproxy/readconf.h...

...un 2023, Chris Rapier wrote: > Hi all, > > When a client requests dynamic remote forwarding with -R it delays forking > into the background. In ssh.c we see > > if (options.fork_after_authentication) { > if (options.exit_on_forward_failure && > options.num_remote_forwards > 0) { > debug("deferring postauth fork until remote forward " > "confirmation received"); > } else > fork_postauth(ssh); > } > > > This seems to depend on forwarding_success() for it to then call > for...

..., { NULL, 0 } }; @@ -494,6 +495,10 @@ intptr = &options->connection_attempts; goto parse_int; + case oSleep: + intptr = &options->sleep; + goto parse_int; + case oCipher: intptr = &options->cipher; arg = strdelim(&s); @@ -761,6 +766,7 @@ options->num_remote_forwards = 0; options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; + options->sleep = -1; } /* diff -ur openssh-2.9p1/readconf.h openssh-2.9p1S/readconf.h --- openssh-2.9p1/readconf.h Tue Apr 17 12:11:37 2001 +++ openssh-2.9p1S/readconf.h Thu May 17 19:23:25 2001...

In the changelog, there is an entry: 20001129 - (djm) Back out all the serverloop.c hacks. sshd will now hang again if there are background children with open fds. Does this mean that this is regarded as expected (and correct) behavior, that should not change in the future, or does it mean that this behavior is a known problem that someone will eventually fix? --Adam -- Adam McKenna

...d) == 0) tty_flag = 1; @@ -511,6 +507,29 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* -N option only makes sense with protocol 2. It doesn't make sense + without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwardings\n"); + usage(); + /* NOT REACHED */ + } + if ((options.protocol & SSH_PROTO_2) && no_shell_flag && + buffer_len(&command) > 0) { + fprintf(stderr,"-N...

...host_port; @@ -226,14 +227,15 @@ */ void -add_remote_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_remote_forward(Options *options, const char *listen_host, u_short port, + const char *host, u_short host_port) { Forward *fwd; if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many remote forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->remote_forwards[options->num_remote_forwards++]; + fwd->listen_host = listen_host == NULL ? NULL : xstrdup(listen_host); fwd->p...

For systems where the local hostname is obtained as a short name without domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x from ssh.com. For the server, there might be a corresponding option in order to strip the domain name from the remote client name (if it matches the server's DefaultDomain) for use in auth_rhost2, since netgroups usually contain short

...6 +436,10 @@ charptr = &options->system_hostfile; goto parse_string; + case oSNKFile: + charptr = &options->snk_keyfile; + goto parse_string; + case oUserKnownHostsFile: charptr = &options->user_hostfile; goto parse_string; @@ -761,6 +766,7 @@ options->num_remote_forwards = 0; options->log_level = (LogLevel) - 1; options->preferred_authentications = NULL; + options->snk_keyfile = NULL; } /* diff -NuBw openssh-2.9p1/readconf.h openssh/readconf.h --- openssh-2.9p1/readconf.h Tue Apr 17 14:11:37 2001 +++ openssh/readconf.h Wed Jun 6 15:07:34 2001 @@...

...ssh-2.1.1p4/ssh.c openssh-2.1.1p4-jhchanges/ssh.c --- openssh-2.1.1p4/ssh.c Sat Jul 15 07:14:17 2000 +++ openssh-2.1.1p4-jhchanges/ssh.c Mon Aug 14 20:04:53 2000 @@ -891,6 +891,22 @@ } } +/* Jarno: ssh2_session calls this */ +void +init_remote_fwd(void) +{ + int i; + for (i = 0; i < options.num_remote_forwards; i++) { + debug("Connections to remote port %d forwarded to local address %.200s:%d", + options.remote_forwards[i].port, + options.remote_forwards[i].host, + options.remote_forwards[i].host_port); + channel_request_remote_forwarding(options.remote_forwards[i].port,...

...nd_address = NULL; options->smartcard_device = NULL; + options->sleep = -1; } /* diff -u openssh-2.9.9p2/readconf.h openssh-2.9.9p2J/readconf.h --- openssh-2.9.9p2/readconf.h Wed Sep 19 18:57:56 2001 +++ openssh-2.9.9p2J/readconf.h Thu Sep 27 22:01:07 2001 @@ -101,6 +101,7 @@ int num_remote_forwards; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; int clear_forwardings; + int sleep; /* Exit delay in seconds */ } Options; diff -u openssh-2.9.9p2/session.c openssh-2.9.9p2J/session.c --- openssh-2.9.9p2/session.c Sun Sep 16 16:17:15 2001 +++ openssh-2.9.9p2J/s...

...d) == 0) tty_flag = 1; @@ -511,6 +507,29 @@ /* reinit */ log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); + /* -N option only makes sense with protocol 2. It doesn't make sense + without port forwarding ?????? + */ + if ( options.num_local_forwards == 0 && options.num_remote_forwards == 0 && + no_shell_flag ) { + fprintf(stderr, "-N makes sense only with port forwardings\n"); + usage(); + /* NOT REACHED */ + } + if ((options.protocol & SSH_PROTO_2) && no_shell_flag && + buffer_len(&command) > 0) { + fprintf(stderr,"-N...

..._OK); + goto out; + } } - if (errno == ENOENT) - debug("Control socket \"%.100s\" does not exist", path); - else { - error("Control socket connect(%.100s): %s", path, - strerror(errno)); + break; + case MUX_FWD_REMOTE: + for (i = 0; i < options.num_remote_forwards; i++) { + if (compare_forward(&fwd, + options.remote_forwards + i)) + goto exists; } - close(sock); + break; + } + + if (options.control_master == SSHCTL_MASTER_ASK || + options.control_master == SSHCTL_MASTER_AUTO_ASK) { + if (!ask_permission("Open %s on %s?", f...

...error("%s host key for %.200s has changed and you have " "requested strict checking.", type, host); goto fail; } + + /* * If strict host key checking has not been requested, allow @@ -814,13 +764,6 @@ options.num_local_forwards = options.num_remote_forwards = 0; } - /* - * XXX Should permit the user to change to use the new id. - * This could be done by converting the host key to an - * identifying sentence, tell that the host identifies itself - * by that sentence, and ask the user if he/she whishes to - * accept the authentication. -...

...s[i].host, options.local_forwards[i].host_port, - options.gateway_ports); + options.gateway_ports, 0); + } +} + +/* Jarno Huuskonen: ssh2 client calls this to initiate remote port forwarding + * requests. + */ +void +init_remote_fwd(void) +{ + int i; + for (i = 0; i < options.num_remote_forwards; i++) { + debug("Connections to remote port %d forwarded to local address %.200s:%d", + options.remote_forwards[i].port, + options.remote_forwards[i].host, + options.remote_forwards[i].host_port); + channel_request_remote_forwarding(options.remote_forwards[i].port,...

http://bugzilla.mindrot.org/show_bug.cgi?id=413 ------- Additional Comments From dtucker at zip.com.au 2005-01-24 14:27 ------- Created an attachment (id=782) --> (http://bugzilla.mindrot.org/attachment.cgi?id=782&action=view) forward-bind.sh: regression test for binding port forwards to addresses Current limitations of test: - no testing of IPv6 - no testing of backwards compat

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

I'm reading this fine article on O'Reilly: http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html <quote> The paper concludes that the keystroke timing data observable from today's SSH implementations reveals a dangerously significant amount of information about user terminal sessions--enough to locate typed passwords in the session data stream and reduce the

...d by Begin SD Mod and End SD Mod. + * + * The last change was committed on 10/3/2001. + *************************************************************************** */ /* RCSID("$OpenBSD: readconf.h,v 1.39 2001/09/19 19:24:18 stevesk Exp $"); */ @@ -101,6 +127,14 @@ int num_remote_forwards; Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION]; int clear_forwardings; + + /* + * SD Mod: Added option to use steno timing manipulation. + * By default, timing analysis evasion is used. The -S flag + * must be used to turn off this feature...

Hello, In response to the timing analysis attacks presented by Dawn Song et. al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html we at Silicon Defense developed a patch for openssh to avoid such measures. Timing Analysis Evasion changes were developed by C. Jason Coit and Roel Jonkman of Silicon Defense. These changes cause SSH to send packets unless request not to,