search for: oproxycommand

On Thu, Oct 15, 2015 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > if the intermediary machine (the "jumphost") is jumphost.example, and > you are trying to reach bar.example.com (which is behind the firewall), > you would do: > ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com We use jump host, but there are literally hundreds of hosts behind it. And since I often need to run things on multiple hosts, I ssh to jump host, start tmux session, and ssh from there wherever I need. Not to mention that in case like above...

For some odd reason, one line was removed from the handling of ProxyCommand in readconf.c. As a result, ssh crashes on strlen(string) when it parses this option. --- readconf.c:X Mon Aug 6 23:35:52 2001 +++ readconf.c Wed Aug 15 16:11:44 2001 @@ -475,6 +475,7 @@ case oProxyCommand: charptr = &options->proxy_command; + string = xstrdup(""); while ((arg = strdelim(&s)) != NULL && *arg != '\0') { string = xrealloc(string, strlen(string) + strlen(arg) + 2); strcat(string, " "); --Pavel Kankovsky aka Peak [ Boycott Mi...

...15 at 04:15:03PM -0400, Daniel Kahn Gillmor wrote: > >>> if the intermediary machine (the "jumphost") is jumphost.example, and > >>> you are trying to reach bar.example.com (which is behind the firewall), > >>> you would do: > >>> ssh -oProxyCommand='ssh jumphost.example -W %h:%p' bar.example.com > >We use jump host, but there are literally hundreds of hosts behind it. > >And since I often need to run things on multiple hosts, I ssh to jump > >host, start tmux session, and ssh from there wherever I need. > You can...

...ision 25) +++ openssh-3.8p1/readconf.c (revision 25) @@ -93,7 +93,8 @@ oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, - oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, + oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, + oOpenCommand, oCloseCommand, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, @@...

I tried the following command. ssh -Y -t intermediate -- ssh -Y dest But it shows the following error message. Does anybody know how to fix the problem? Thanks. X11 forwarding request failed on channel 0 -- Regards, Peng

...,6 +130,9 @@ typedef enum { oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, +#ifdef SCTP + oTransport, +#endif oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, @@ -198,6 +201,9 @@ static struct { { "hostname", oHostName }, { "hostkeyalias", oHostKeyAlias }, { "proxycommand"...

...-- Summary|ProxyCommand none breaks ssh|ProxyCommand none is | |sensitive to extra | |whitespace ------- Additional Comments From mouring at eviladmin.org 2003-04-02 15:01 ------- $ ssh '-oProxyCommand none ' localhost /bin/sh: none: not found ssh_exchange_identification: Connection closed by remote host $ ssh '-oProxyCommand none' localhost Enter passphrase for key '/home/mouring/.ssh/id_rsa': none works as suggested, but it sensitive to extra whitespaces. (summary clarifi...

...addr_in($bind_port, inet_aton $bind_addr)) || die "bind: $!"; listen($sfd,SOMAXCONN) || die "listen: $!"; accept (Cfd,$sfd); close $sfd; open 3,"<&Cfd"; open 4,"<&Cfd"; if(! grep fileno(Cfd) == $_,(3,4)) { close Cfd;} exec {ssh} qw(ssh -D2085 -oProxyCommand=:socket: user at sshd_host); So if you pass -oProxyCommand=:socket: to ssh it will not make a new child but use those 2 fd. diff -rNu openssh-4.5p1/sshconnect.c openssh-4.5p1-ssh-socket/sshconnect.c --- openssh-4.5p1/sshconnect.c 2006-10-23 20:02:24.000000000 +0300 +++ openssh-4.5p1-ssh-socke...

...t mindrot.org> wrote: > On Sat, 4 Jul 2015, Peng Yu wrote: > >> I tried the following command. >> >> ssh -Y -t intermediate -- ssh -Y dest >> >> But it shows the following error message. Does anybody know how to fix >> the problem? Thanks. > > ssh -oProxyCommand="ssh -W %h:%p intermediate" -Y dest > > should work Somehow, the above command works in some cases but not others (I still see "X11 forwarding request failed on channel 0"). Do you know how to debug for the cases that do not work? Thanks. -- Regards, Peng

Hi folks, I'm wondering if it is possible to set up a dynamic port forward (i.e. socks proxy), where the listening socket is actually on the server rather than the client as is currently the case for -D ? A possible use case is providing a deeply firewalled box with an outbound SOCKS proxy, but only while an inbound ssh connection is active. Or, in my particular case, I have many routers

...openssh/readconf.c src/readconf.c --- /usr/src/crypto/openssh/readconf.c Thu Sep 27 18:33:34 2001 +++ src/readconf.c Wed Jul 17 16:14:44 2002 @@ -108,6 +108,7 @@ #endif oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, + oProxyServer, oProxyPort, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, @@ -158,6 +159,8 @@ { "hostname", oHostName }, { "hostkeya...

...@@ case oUser: charptr = &options->user; parse_string: - cp = strtok(NULL, WHITESPACE); + cp = strtok(NULL, WHITESPACE_EQ); if (!cp) fatal("%.200s line %d: Missing argument.", filename, linenum); if (*activep && *charptr == NULL) @@ -400,7 +401,7 @@ case oProxyCommand: charptr = &options->proxy_command; string = xstrdup(""); - while ((cp = strtok(NULL, WHITESPACE)) != NULL) { + while ((cp = strtok(NULL, WHITESPACE_EQ)) != NULL) { string = xrealloc(string, strlen(string) + strlen(cp) + 2); strcat(string, " "); strcat...

Hi, I'm in a situation where I'm using multiple SSH keys, each to connect to different set of servers. I can't load/unload keys on demand, as I usually am connected to at least 2 of such sets. But - some rogue "root", could get access to my agent-forwarding socket, and in turn, get access to keys loaded to agent (not in terms of obtaining the key, but being able to use it

Hi list, After reading rsync docu and doing online search, I still failed to find a simple solution for following problem: The goal is to sync two directories using rsync without running the rsync daemon on one of the two hosts. The standard shell sync does not work because of the network topology: Ssh connect to SRC-Host ^ Base host (with ssh keys) v Ssh connect to bridge

...nssh-2.3.0p1-new/readconf.c --- openssh-2.3.0p1/readconf.c Sat Oct 14 01:23:12 2000 +++ openssh-2.3.0p1-new/readconf.c Mon Nov 13 11:06:57 2000 @@ -98,7 +98,7 @@ #endif oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, - oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, + oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oRetryDelay, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, oTISAuthentication, oUs...

Hello all, If you try to make a TCP connection to a host, and the host is down, timeouts can be as long as an hour. This is not specific to ssh, or OS. Is this a scenario worth working around, e.g. with a timer when connecting or the like? -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems.

...onf.c +++ b/readconf.c @@ -135,6 +135,7 @@ typedef enum { oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, + oCertificateFile, oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, @@ -202,6 +203,7 @@ static struct { { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* obsolete */ { "identit...

...n = select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL); + } + if (n < 0) { char buf[100]; /* --- openssh-2.9.9p2/readconf.c.orig Thu Sep 20 02:57:56 2001 +++ openssh-2.9.9p2/readconf.c Thu Oct 11 22:03:09 2001 @@ -109,7 +109,7 @@ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oIdle, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiph...

For systems where the local hostname is obtained as a short name without domain, there should be a ssh_config option "DefaultDomain" as in ssh-3.x from ssh.com. For the server, there might be a corresponding option in order to strip the domain name from the remote client name (if it matches the server's DefaultDomain) for use in auth_rhost2, since netgroups usually contain short

...", strerror(errno)); } newch = channel_new(rtype, nextstate, newsock, newsock, -1, --- openssh-2.9p2/readconf.c.keepalivetunnel Tue Apr 17 11:11:37 2001 +++ openssh-2.9p2/readconf.c Thu Aug 23 15:42:37 2001 @@ -106,7 +106,7 @@ oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oKeepAlives, oKeepAlivesForward, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLo...