search for: streamlocalbindunlink

https://bugzilla.mindrot.org/show_bug.cgi?id=2601 Bug ID: 2601 Summary: StreamLocalBindUnlink not working Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter...

...the client (named gateway for this example, but will be unique > > once deployed in volume): > > > > /usr/bin/ssh -o CheckHostIP=yes -o LogLevel=INFO -o > > ServerAliveCountMax=3 -o ServerAliveInterval=5 -o > > StrictHostKeyChecking=yes -o TCPKeepAlive=yes -o > > StreamLocalBindUnlink=yes -o ExitOnForwardFailure=yes -o BatchMode=yes > > -nN -R /sshvpn/gateway:127.0.0.1:22 -p 52221 sshvpn at host > > > > On the server: > > > > Match User sshvpn > > ChrootDirectory /var/sshvpn/ > > AllowTCPForwarding no > > AllowStreamLocalForw...

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User sshvpn' user sshvpn host 196.209.244.243 &...

...cket on the host, that relays back to the client. i.e. on the client (named gateway for this example, but will be unique once deployed in volume): /usr/bin/ssh -o CheckHostIP=yes -o LogLevel=INFO -o ServerAliveCountMax=3 -o ServerAliveInterval=5 -o StrictHostKeyChecking=yes -o TCPKeepAlive=yes -o StreamLocalBindUnlink=yes -o ExitOnForwardFailure=yes -o BatchMode=yes -nN -R /sshvpn/gateway:127.0.0.1:22 -p 52221 sshvpn at host On the server: Match User sshvpn ChrootDirectory /var/sshvpn/ AllowTCPForwarding no AllowStreamLocalForwarding yes StreamLocalBindUnlink yes Then to connect to the client: $ ssh...

...ection is active. Or, in my particular case, I have many routers running OpenWRT, using sshtunnel to establish a persistent connection to my central server. I want to be able to reach systems behind the gateways. I currently have the sshtunnel configuration set up as follows: On the router: ssh StreamLocalBindUnlink=yes -nN -R /sshvpn/gateway-xxxx:127.0.0.1:22 sshvpn at central In this way, should I want to connect to a system behind the router, I can first establish a new SSH connection back to the router itself, from the central server: ssh -o ProxyCommand='socat UNIX:/sshvpn/gateway-xxxx -' -D 108...

https://bugzilla.mindrot.org/show_bug.cgi?id=2308 Bug ID: 2308 Summary: Forwarded Unix domain sockets not removed on logout Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

...rs List of users and uids allowed to connect ControlAllowGroups List of groups and gids allows to connect ControlDenyUsers List of users and uids disallowed ControlDenyGroups List of groups and gids disallowed -> new stuff <- StreamLocalBindMask Mask to use when binding a forward socket StreamLocalBindUnlink Attempt an unlink before binding FakeStreamLocalForwards Fake a connection originating from a socket as tcpip. This isn't currently honored, but is the default and only behavior. See channel_post_port_listener(). Server: StreamLocalBindMask See above. StreamLocalBindUnlink See a...

...alestyo at scientia.net Hi. AFAIU such options which are allowed for Match blocks are marked with "SSHCFG_ALL" in servconf.c. Going through the list, a number of the is apparently allowed but missing from sshd_config(5): AllowStreamLocalForwarding IPQoS RevokedKeys StreamLocalBindMask StreamLocalBindUnlink TrustedUserCAKeys Could you please add these? I'd have written a patch, but since all my pull requests are apparently generally ignored it's probably just a waste of time :( Cheers, Chris. -- You are receiving this mail because: You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3648 Bug ID: 3648 Summary: ssh client blocks itself by leaving unix domain socket alive after user Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

...ons->max_displays = MAX_DISPLAYS; if (options->use_dns == -1) options->use_dns = 0; if (options->client_alive_interval == -1) @@ -429,7 +432,7 @@ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, - sAllowStreamLocalForwarding, sFingerprintHash, + sAllowStreamLocalForwarding, sFingerprintHash, sMaxDisplays, sDeprecated, sUnsupported } ServerOpCodes; @@ -572,6 +575,7 @@ { "streamlocalbindunlink", sStreamLocalBindUnlink, SSHCFG_ALL }, { "allowstreamlocalforwarding&quot...

https://bugzilla.mindrot.org/show_bug.cgi?id=2727 Bug ID: 2727 Summary: ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect Product: Portable OpenSSH Version: 7.5p1 Hardware: ix86 OS: Linux Status: NEW Severity: major Priority: P5

..._host_key_files; i++) CLEAR_ON_NONE(options->host_key_files[i]); for (i = 0; i < options->num_host_cert_files; i++) @@ -417,6 +419,7 @@ typedef enum { sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, + sStreamLocalBindRootDirectory, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -558,6 +561,7 @@ static struct { { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, { "streamlocalbindmas...