search for: sshmux

Hi all, currently I am considering writing a patch for OpenSSH that will allow portforwarding using the control_master unix domain socket. The idea is to introduce an extra SSHMUX command, SSHMUX_COMMAND_SOCKS, which will then pass control to the normal socks functions used for dynamic forwarding. The main reason for me to write this patch are: - some more control over who gets to connect to portforwardings. (the control_master has uid control build in, while everyone can...

...channel (and e.g. upload sensitive data to that system). A simple test showed, that ssh doesn't employ any security checks... when it is able to open the socket, it'll use it apparently: I tried last week something like this: user at hostA:~$ ssh -o ControlMaster=yes -o ControlPath=/tmp/sshmux hostB and then: root at hostA:~$ ssh -o ControlMaster=no -o ControlPath=/tmp/sshmux hostC As you can see, the socket is created by user, and root "accidentally" uses it, even trying to connect to another node. ssh will just do so without any complains. And even when one uses something...