similar to: StreamLocal forwarding

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

Hi folks, I'm wondering if it is possible to set up a dynamic port forward (i.e. socks proxy), where the listening socket is actually on the server rather than the client as is currently the case for -D ? A possible use case is providing a deeply firewalled box with an outbound SOCKS proxy, but only while an inbound ssh connection is active. Or, in my particular case, I have many routers

Hi openssh dev's, I love an truly appreciate the Socket forwarding feature in OpenSSH 6.7. i use it for forwarding the socket of GnuPG's agent (that handles the secret stuff) to remote machines. Usecase: ====== I am a remote worker and use gnupg agent forwarding to connect to our company infrastructure that makes heavy use of PGP encryption while keeping my key out of the hands of

When forwarding a Unix-domain socket, the remote socket path must be absolute (otherwise the forwarding fails later). However, guessing absolute path on the remote end is sometimes not straightforward, because the file system location may vary for many reasons, including the system installation, the choices of NFS mount points, or the remote user ID. To allow ssh clients to request remote socket

https://bugzilla.mindrot.org/show_bug.cgi?id=2601 Bug ID: 2601 Summary: StreamLocalBindUnlink not working Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

On Sun, May 8, 2016 at 9:04 PM, Markus Friedl <mfriedl at gmail.com> wrote: > I have an ugly patch for that feature that requires protocol modification. Why does it require a protocol modification? Couldn't the client request regular forwarded-tcpip from the server then decode SOCKS entirely within the client? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9

The attached patch should solve the following problem: ssh-agent creates a temporary directory under /tmp with '600' permissions. The actual socket file is created in that dir using the default umask. That's no problem in U*X systems since nobody but the owner of the directory can read the socket file. Unfortunately, Windows has a user privilege called "Bypass traverse

Hi folks, I have successfully compiled and run OpenSSH 4.1p1 on NCR MPRAS: $ uname -a UNIX_SV support1 4.0 3.0 3446 Pentium Pro(TM)-EISA/PCI $ However, I have found one pretty critical problem, arising from the way that MPRAS handles changes to the IP stack. Background: To update any of the IP or TCP configuration options, system administrators should use the program "tcpconfig".

Hello, there is a patch which allows redirecting UNIX domain sockets here: http://www.25thandclement.com/~william/projects/streamlocal.html<http://www.25thandclement.com/%7Ewilliam/projects/streamlocal.html> We really need it in our institution. It's for OpenSSH 4.4 but I managed to adopt it for 4.7p1 included in Ubuntu 8.04.

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a

https://bugzilla.mindrot.org/show_bug.cgi?id=2421 Bug ID: 2421 Summary: direct-streamlocal at openssh.com doesn't have a reserved string - PROTOCOL.txt Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5

I've a server where clients can connect to using direct-streamlocal at openssh.com. I want that the server "knows" the address of the client. I've tried using the peercredentials of the process connecting my server (which is a sshd process) and check the environment. I thought that in the environment the var SSH_CLIENT would be set, but that did not work. This sshd process has

https://bugzilla.mindrot.org/show_bug.cgi?id=2529 Bug ID: 2529 Summary: direct-streamlocal channel open doesn't match PROTOCOL documentation Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh

Later versions of OpenSSH allow the user to forward connections also to/from Unix sockets. This patch allows to use Unix sockets as the target when forwarding the local stdio using the -W feature. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Allow-forwarding-of-stdio-to-streamlocal-end-points.patch Type: application/text Size: 5796 bytes Desc: not

https://bugzilla.mindrot.org/show_bug.cgi?id=2416 Bug ID: 2416 Summary: [PATCH] Allow forwarding of stdio to streamlocal end points Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

----- Original Message ----- > On 9/12/2013 7:44 PM, Hal Finkel wrote: > > > > To fix this problem, I think that we need to stop treating errno as > > some arbitrary external state, and model is explicitly. > > In such case it would make sense to know when "errno" is read. This > way > we could detect whether it's actually used, whether or not the

Hi folks, I was wondering if it were possible to log which key is used to authenticate a user logging in? In our scenario, our client is wanting to use SSH keys to control shared access to Unix accounts, including root. It is obviously possible to add multiple keys into the authorized_keys file, however, it is not possible to see which user/key was actually presented, at a reasonable logging

On 9/13/2013 2:23 PM, Hal Finkel wrote: > > Maybe the easiest way would be to insert an intrinsic @llvm.errno.read() whenever errno (as a source token) appears in the source as an rvalue (and do some similar thing when it appears as a lvalue). Thoughts? I think the major problem is still with "errno" defined as a preprocessor macro, as it may not look like errno by the time the

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any