search for: originator_port

Hi, Just a usecase that I'm sure has been covered before but just in case its not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of

...ally, remote forwarding is negotiated within some protocol between ssh and sshd. No problem to change this slightly with a private patch. If it only wouldn't incompatibly change the protocol. So my idea is to implement it in a way that client_request_forwarded_tcpip() in clientloop.c checks originator_port for being in the priveleged range and - if yes - uses a privileged port to connect. Any comments? Regards, Robert -- Robert.Dahlem at siemens.com Siemens Business Services - SBS D ORS FS BO DEZ KORDOBA-Outsourcing Tel: +49-69-797-6530 Fax: +49-69-797-6599 --------------------------...

...w, int rmaxpack) +{ + Channel* c = NULL; + int sock; + char *listen_address; /* Remote (server) address that is listening + for the connection */ + int listen_port; + char* originator_address; /* Address of the client connecting to + listen_address */ + int originator_port; /* Client port */ + + unsigned int client_len, connected_len; + + int newch; + int i; + + debug("ssh2 server tries to open forwarded-tcpip channel."); + + /* Get rest of the packet */ + listen_address = packet_get_string(&connected_len); + listen_port = packet_get_int(); + ori...

...tal("%s: send disconnect: %s", __func__, ssh_err(r)); channel_free_all(ssh); @@ -1502,7 +1502,7 @@ client_request_forwarded_tcpip(struct ssh *ssh, const char *request_type, (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 || (r = sshpkt_get_u32(ssh, &originator_port)) != 0 || (r = sshpkt_get_end(ssh)) != 0) - fatal("%s: %s", __func__, ssh_err(r)); + fatal("%s: parse packet: %s", __func__, ssh_err(r)); debug("%s: listen %s port %d, originator %s port %d", __func__, listen_address, listen_port, originator_address,...

...int rwindow, int rmaxpack) +{ + Channel* c = NULL; + int sock; + char *listen_address; /* Remote (server) address that is listening + for the connection */ + int listen_port; + char* originator_address; /* Address of the client connecting to + listen_address */ + int originator_port; /* Client port */ + + unsigned int client_len, connected_len; + + int newch; + int i; + + debug("ssh2 server tries to open forwarded-tcpip channel."); + + /* Get rest of the packet */ + listen_address = packet_get_string(&connected_len); + listen_port = packet_get_int(); + ori...

...ons; /* How they are restricted */ int use_login; /* If true, login(1) is used */ int compression; /* If true, compression is allowed */ int allow_tcp_forwarding; --- serverloop.c 28 Jan 2003 18:06:52 -0000 1.1.1.2 +++ serverloop.c 29 Jan 2003 21:26:12 -0000 1.5 @@ -863,8 +865,7 @@ originator_port = packet_get_int(); packet_check_eom(); - debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", - originator, originator_port, target, target_port); + log("TCP forwarding connection to %s port %d", target, target_port); /* XXX check permission...

...are not applicable in the direct-streamlocal case. This may be difficult to fix in a backward-compatible manner, since the code in serverloop.c actually seems to be expecting to get a host & port: target = packet_get_string(NULL); originator = packet_get_string(NULL); originator_port = packet_get_int(); packet_check_eom(); So, perhaps the right thing here is to update the documentation in PROTOCOL to match the current implementation. It seems odd to send this information when it looks like it will always be an empty string and a port of zero, though, especially given t...

...t child_has_selected; /* Child has had chance to drain. */ static volatile int child_wait_status; /* Status from wait(). */ +/* Jarno: Needed to check if port_forwarding is allowed */ +extern ServerOptions options; + void server_init_dispatch(void); void @@ -722,7 +725,10 @@ originator, originator_port, target, target_port); /* XXX check permission */ - if (no_port_forwarding_flag) { + /* Jarno: */ + if (no_port_forwarding_flag || !options.port_forwarding) { + packet_send_debug("Server configuration rejects port forwardings."); + debug("Port forwarding disabled in server conf...

...nel_setup_local_fwd_listener(u_short, const char *, u_short, int); diff -nru openssh-3.8.1p1/serverloop.c openssh-3.8.1p1-devs//serverloop.c --- openssh-3.8.1p1/serverloop.c Wed Jan 21 01:02:50 2004 +++ openssh-3.8.1p1-devs//serverloop.c Mon Feb 21 11:33:13 2005 @@ -867,7 +867,7 @@ originator, originator_port, target, target_port); /* XXX check permission */ - sock = channel_connect_to(target, target_port); + sock = channel_connect_to(target, target_port, the_authctxt); xfree(target); xfree(originator); if (sock < 0) -----Message d'origine----- De : Bucaille, Lionel Envoy? : mardi 22...

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at