similar to: Idea: reverse socks proxy

These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from

Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

This provides a mechanism to attach arbitrary configure options into the ssh_config file and use them from the LocalCommand and ProxyCommand. Examples: # set FOO to foo LocalEnvMod FOO = foo # append bar to FOO with default separator "," LocalEnvMod FOO += bar # unset FOO LocalEnvMod FOO = # append foo to BAR with separator ":", if BAR is empty

Hi all, This is a client side only implementation of reversed dynamic (SOCKS) TCP forwarding, which means it is compatible with any existing servers have 'remote forward' capability. To establish such forward, use "ssh -R [BIND_ADDRESS:]PORT ...". The server will listen on that port and address and accept SOCKS traffics. Hope this will be useful for you. There was an

https://bugzilla.mindrot.org/show_bug.cgi?id=1380 Summary: incorrect check for strlen(fwd->connect_host) in parse_forward() Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh

Hi, I have a daemon process which is changings things in the system only the superuser should be allowed to change. Lets call it "riskyd". Users use a frontend on the same machine (lets call it "risky"). risky is a SUID program which talks to riskyd by binding to a privileged port, then connecting to riskyd on localhost. riskyd cheks that the connection is coming from

http://bugzilla.mindrot.org/show_bug.cgi?id=413 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sjc at makalumedia.com ------- Additional Comments From markus at openbsd.org 2002-11-22 09:48 ------- *** Bug 441 has been marked as

Hello all, I encountered a problem when trying to setup a remote portforward using OpenSSH 3.5p1. If the port that I was trying to listen to on the remote side was already in use, a message 'cannot bind to port: 5000' was written to the syslog, but the connection still persisted. I had no way on the client side to know that the listening wasn't taking place. that is, the

When forwarding a Unix-domain socket, the remote socket path must be absolute (otherwise the forwarding fails later). However, guessing absolute path on the remote end is sometimes not straightforward, because the file system location may vary for many reasons, including the system installation, the choices of NFS mount points, or the remote user ID. To allow ssh clients to request remote socket

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH

https://bugzilla.mindrot.org/show_bug.cgi?id=1967 Bug #: 1967 Summary: Potential memory leak Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at

When a forwarding specification ending in a slash ('\\') is used, the function "parse_fwd_field" jumps over the '\0' char marking the end of the string and keeps processing. This patch checks for that condition. -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Fix-buffer-overrun.patch Type: application/text Size: 850 bytes Desc:

https://bugzilla.mindrot.org/show_bug.cgi?id=1552 Summary: Patch to log tunnel information Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jblaine at

This enables the ability to take the ovirt-node-image iso and deploy it to an iscsi disk. It also provides a sample pxe configuration for booting based on the iscsi root device. Includes support for user/password as well as reverse chap user/password. --- Makefile.am | 1 + livecd-iso-to-iscsi | 201 ++++++++++++++++++++++++++++++++++++++++++++++ ovirt-node-image.spec.in |

Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit:

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

Patch is below : diff -nru openssh-3.8.1p1/auth-options.c openssh-3.8.1p1-devs//auth-options.c --- openssh-3.8.1p1/auth-options.c Tue Jun 3 02:25:48 2003 +++ openssh-3.8.1p1-devs//auth-options.c Mon Feb 21 16:56:49 2005 @@ -265,6 +265,81 @@ xfree(patterns); goto next_option; } + +/* e.g: permitopenned="158.156.0.0/255.255.255.0:25[-1024]" + * note that part between [] is

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies

https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5