search for: target_port

Displaying 13 results from an estimated 13 matches for "target_port".

2009 Feb 17
2
Idea: reverse socks proxy
Hi, Just a use case that I'm sure has been covered before, but just in case it's not, an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of
2009 Jan 30
1
Patch to log tunnel information
...one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunnel opened: user '...
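Review bot: Both messages added after channel_connect_to() are emitted with verbose(), which is below sshd's default LogLevel of INFO, so on a stock configuration neither "Tunnel denied" nor "Tunnel opened" would reach the log. If the goal is an audit trail of forwarded connections, use logit() for these lines or state in the submission that LogLevel VERBOSE is required. Style: `if (c == NULL){` needs a space before the brace to match the surrounding file.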
2009 Jan 30
12
[Bug 1552] New: Patch to log tunnel information
...one definitely would like to see this end up in the codebase, so I'm submitting it. *** openssh-5.1p1/serverloop.c Fri Jul 4 09:10:49 2008 --- openssh-5.1p1-RCFHACKS/serverloop.c Thu Jan 29 08:56:11 2009 *************** *** 957,962 **** --- 957,968 ---- c = channel_connect_to(target, target_port, "direct-tcpip", "direct-tcpip"); + if (c == NULL){ + verbose("Tunnel denied: user '%s' from %s to %s:%d", the_authctxt->user, get_remote_ipaddr(), target, target_port); + } else { + verbose("Tunnel opened: user '...
2005 Feb 22
0
TR: 3.8.1p1 option "permitopennet" added
...ner(u_short, const char *, u_short, int); diff -nru openssh-3.8.1p1/serverloop.c openssh-3.8.1p1-devs//serverloop.c --- openssh-3.8.1p1/serverloop.c Wed Jan 21 01:02:50 2004 +++ openssh-3.8.1p1-devs//serverloop.c Mon Feb 21 11:33:13 2005 @@ -867,7 +867,7 @@ originator, originator_port, target, target_port); /* XXX check permission */ - sock = channel_connect_to(target, target_port); + sock = channel_connect_to(target, target_port, the_authctxt); xfree(target); xfree(originator); if (sock < 0) -----Original Message----- From: Bucaille, Lionel Sent: Tuesday, 22 February 2005 11:21 To...
2009 Sep 14
2
[PATCH node-image] add livecd-iso-to-iscsi script to support iscsi root booting setup
...;tftpboot/squashfs-root") + +pxe_template = """ + +# pxelinux configuration. +DEFAULT pxeboot +TIMEOUT 20 +PROMPT 0 +LABEL ovirt-node-iscsi + KERNEL /vmlinuz0 + APPEND initrd=/initrd0.img ro root=LABEL=%(disk_label)s netroot=iscsi:%(user)s%(password)s@%(target)s::%(target_port)s::%(target_name)s ip=eth0:dhcp + ipappend 2 +ONERROR LOCALBOOT 0 +""" + +# insert empty values for unneeded variables in the pxe template +if not options.user is None: + options.user = options.user + ":" +else: + options.user = "" + +if not options.password...
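Review bot: The APPEND line in pxe_template interpolates %(password)s into netroot=iscsi:..., so the iSCSI password is written in clear text into the generated pxelinux configuration and ends up on the kernel command line of the booted node. The script should at least document that exposure and restrict read access to the generated file. Separately, `if not options.user is None` reads more clearly as `if options.user is not None`.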
2003 Jan 29
0
[PATCH] features for restricted shell environments
...c 28 Jan 2003 18:06:52 -0000 1.1.1.2 +++ serverloop.c 29 Jan 2003 21:26:12 -0000 1.5 @@ -863,8 +865,7 @@ originator_port = packet_get_int(); packet_check_eom(); - debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", - originator, originator_port, target, target_port); + log("TCP forwarding connection to %s port %d", target, target_port); /* XXX check permission */ sock = channel_connect_to(target, target_port); @@ -973,12 +974,10 @@ fatal("server_input_global_request: no user"); listen_address = packet_get_string(NULL); /* XXX...
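Review bot: In the first hunk, replacing the debug() call with log("TCP forwarding connection to %s port %d", target, target_port) drops originator and originator_port from the message, so the promoted log line records where a forward goes but no longer what the client reported as its source. Keep both fields in the new format string. The /* XXX check permission */ marker directly below is still unaddressed, and the message is logged before channel_connect_to() runs, so it does not show whether the connection succeeded.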
2001 Jun 20
1
openssh and port forwarding as root
...ed port forwards as root, so the connection seems to come from root. Is it enough to open the socket as normal user so the connection would appear to come from that user ? (On Linux this seems to work, but what about other OS's ?) I tested this briefly by wrapping the channel_connect_to(target,target_port); (in serverloop.c:server_request_direct_tcpip) with temporarily_use_uid and restore_uid calls and it seems to work (I used hardcoded values for temporarily_use_uid). Is it possible to acquire the username/uid/gid info in server_request_direct_tcpip (and where the socket is opened with protocol 1)...
2003 Sep 26
0
(no subject)
...arget, "localhost") == 0) && (!options.allow_nonlocal_port_forward_destinations)) || (options.allow_nonlocal_port_forward_destinations)) { debug("port forwarding to target %s allowed", target); sock = channel_connect_to(target, target_port); } else { debug("port forwarding to target %s not allowed", target); sock = -1; } This code effectively allows the OpenSSH server to be configured to only allow port forwarding if the destination host is the OpenSSH server itself (or, more technically...
2000 Aug 13
1
Patches for openssh port forwarding
...Child has had chance to drain. */ static volatile int child_wait_status; /* Status from wait(). */ +/* Jarno: Needed to check if port_forwarding is allowed */ +extern ServerOptions options; + void server_init_dispatch(void); void @@ -722,7 +725,10 @@ originator, originator_port, target, target_port); /* XXX check permission */ - if (no_port_forwarding_flag) { + /* Jarno: */ + if (no_port_forwarding_flag || !options.port_forwarding) { + packet_send_debug("Server configuration rejects port forwardings."); + debug("Port forwarding disabled in server configuration.");...
2000 Aug 23
1
Protocol 2 remote forwarding patch
...er for select(). */ +/* Jarno: import */ +extern int allow_port_forwarding; + /* * This SIGCHLD kludge is used to detect when the child exits. The server * will exit after that, as soon as forwarded connections have terminated. @@ -722,11 +725,19 @@ originator, originator_port, target, target_port); /* XXX check permission */ - if (no_port_forwarding_flag) { + /* Jarno: TODO: call function to check forwarding+better logging */ +#ifndef DISABLE_FORWARDING + if (no_port_forwarding_flag || !allow_port_forwarding) { +#endif /* DISABLE_FORWARDING */ + packet_send_debug("Server configura...
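Review bot: In the second hunk the #ifndef DISABLE_FORWARDING / #endif pair encloses only the line `if (no_port_forwarding_flag || !allow_port_forwarding) {`, so a build with DISABLE_FORWARDING defined removes the opening brace together with the condition, and the matching closing brace then needs an identical guard. That is fragile under later edits. Keep the braces unconditional and fold the macro into the condition instead. The "TODO: call function to check forwarding+better logging" comment should be resolved or dropped before this goes in.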
2009 Oct 14
4
Refactor ovirt-node-image code base for inclusion in Fedora
Main reason for refactor is no ovirt-node-image binary image allowed in fedora. Removed ks files, now in ovirt-node-recipe, which is subpackage of ovirt-node. Removed tools, these are now in ovirt-node-recipe which is subpackage of ovirt-node.
2004 Jan 19
3
Security suggestion concering SSH and port forwarding.
Hi, sorry if it is the wrong approach to suggest improvements to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in its chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be disallowed in
2009 Oct 14
8
Refactor ovirt-node code base for inclusion in Fedora
Main reason for refactor is no ovirt-node-image binary image allowed in fedora. Moves tools and kickstart files from ovirt-node-image to subpackage ovirt-node-recipe. Removes old sub packages from ovirt-node, stateless, logos, selinux. Modifies init scripts to meet Fedora packaging guidelines: added status, reload, and lockfile, rhbz: 514221 Added License file.