search for: proxyusefdpass

https://bugzilla.mindrot.org/show_bug.cgi?id=2348 Bug ID: 2348 Summary: allow ssh to connect to a unix domain socket Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

...n SSH certificate prior to the connection. The ProxyCommand also creates a tunnel to the upstream SSH server. When using ProxyCommand alone, the issue is that the identity files are loaded as soon as SSH has fork/exec'd the process. It does not wait for a valid server negotiation. I found the ProxyUseFdPass flag which seemed promising -- here, the identity files weren't loaded until after the file descriptors are passed back to the SSH client. Perhaps I could fetch the identity file, return the fds, and then tunnel the traffic. Unfortunately, it blocks on waitpid(), so this doesn't work either...

...to extend the ProxyCommand to both return the resolved universal name for the given short name and to connect to that universal name. For example, the proxy can first print the resolved name on its stdout before proceeding with other data. Those other data may be a socket if the proxy utilizes the ProxyUseFdpass option. Another possibility is to allow an external command to serve as a resolver. For example, for the given name such command is supposed to returns the full name that is used for the key lookup and optionally the ip address and port to connect to. The drawback of this is that the proxy command...

if the remote hostname has multiple ip addresses, ssh_connect_direct will currently loop and try each address in sequence until one works. I'm interested in making ssh tries each address concurrently and return success on the first one that connects. in the land of host certs and ssh bastions, this can be incredibly effective. are there any objects to me working up a patch to implement this?

...the set until one succeeds) would be feasible, though. > so, approaching this from a different angle, what if I wanted to have > something else establish the tcp connection and then fork/dup2/exec > ssh and pass off the fd's for the network connection? That's how ProxyComand and ProxyUseFdpass work. Your dialler is a separate program so it can do whatever you like, including use pthreads if that's your thing. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately,...

https://bugzilla.mindrot.org/show_bug.cgi?id=3578 Bug ID: 3578 Summary: RFE: forward error correction Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

...l requests by name. * sftp-server(8): Add a sftp "fsync at openssh.com" to support calling fsync(2) on an open file handle. * sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option. * ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data. Bugfixes: * ssh(1), sshd(8): Fix potential stack exhaustion caused by nes...

...l requests by name. * sftp-server(8): Add a sftp "fsync at openssh.com" to support calling fsync(2) on an open file handle. * sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option. * ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data. Bugfixes: * ssh(1), sshd(8): Fix potential stack exhaustion caused by nes...

I have a customer who is complaining about slow SFTP transfers over a long haul connection. The current transfer rate is limited by the TCP window size and the RTT. I looked at HPN-SSH, but that won't work because we don't control what software the peer is using. I was thinking about coding a much more modest enhancement that just does SO_RCVBUF for specific subsystems. In the interest

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...l requests by name. * sftp-server(8): Add a sftp "fsync at openssh.com" to support calling fsync(2) on an open file handle. * sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option. * ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data. Bugfixes: * ssh(1), sshd(8): Fix potential stack exhaustion caused by nes...