Darren Tucker | 1 May 2012 12:48

Re: Feature request: virtual servers

On Thu, Apr 26, 2012 at 08:34:32AM +0200, Philipp Marek wrote:
> Could you put that in OpenSSH, so that -portable and the distributions can 
> pick that up sometime?

We're looking at it.

In the meantime, here's an updated patch that:
 - fixes a problem with the "Match Port" code
 - fixes the regress tests and adds a couple more
 - some minor cleanups
 - applies to openssh-6.0p1

Index: auth.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/auth.c,v
retrieving revision 1.149
diff -u -p -r1.149 auth.c
--- auth.c	29 May 2011 11:40:42 -0000	1.149
+++ auth.c	1 May 2012 10:36:24 -0000
 <at>  <at>  -544,9 +544,14  <at>  <at>  getpwnamallow(const char *user)
 #endif
 #endif
 	struct passwd *pw;
+	ConnectionInfo connection_info;

-	parse_server_match_config(&options, user,
-	    get_canonical_hostname(options.use_dns), get_remote_ipaddr());
+	connection_info.user = user;
+	connection_info.host = get_canonical_hostname(options.use_dns);
+	connection_info.address = get_remote_ipaddr();
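Review bot: connection_info is a stack variable and the visible lines assign only its user, host and address members; if ConnectionInfo carries any further fields that the Match code reads (a port for the "Match Port" case mentioned in the cover text, for instance), they are passed to parse_server_match_config uninitialized. Zero the struct first, e.g. `memset(&connection_info, 0, sizeof(connection_info));`, and then fill in the three members.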

Oliver | 3 May 2012 03:49

Strange behaviour of ssh client on arch

Hi,

I don't know if this is a developer question, but it is too strange for
the user list and may be a possible bug. My setup is a little bit
complicated, but I will try to explain it as simply as possible. I've got 3 servers:

All servers:
System: Debian 6
Interfaces on server1: eth0 tun0 tun1
$ ssh -v
OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010

Server 1 is for connecting and tunneling via ssh, let's say public ip
123.1.1.1. If I connect to Server 1, I can surf the web with the server
1 ip - fine!

Server 2 is in the same network, let's say public ip 123.1.1.2. It is
connected on tun0 with server 1 - IP 10.1.0.1 (on server 2) and IP
10.1.0.6 (on server 1).

I mark the traffic of the tunnel with the owner (me => uid 2000):

iptables -t mangle -I OUTPUT -m owner --uid-owner 2000 -j MARK --set-mark 0x1

and add a rule on server 1 with iproute2:

ip rule from 123.1.1.1 fwmark 0x1 lookup vpn_to_server2

This table sets the default gateway on tun0, so the traffic is

Oliver | 3 May 2012 04:16

Re: Strange behaviour of ssh client on arch

I tried on Ubuntu (ssh -v => OpenSSH_5.8p1 Debian-7ubuntu1, OpenSSL
1.0.0e 6 Sep 2011) and it works perfectly. Is this a problem with Arch Linux
or a problem with the OpenSSH version?

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 0/6] New mux client request to list open tcp forwardings.

These patches implement a new mux client request to list the currently opened
TCP forwardings. It also removes some todos regarding keeping the list
of forwardings in the options up-to-date.

Bert Wesarg (6):
  attach the forwarding type to struct Forward
  merge local and remote forward lists
  generate unique ids for forwardings to be used for identification
  remove closed forwardings from options
  maintain lists of forwards when changed from a mux client command
    line
  [mux.c] new request to list open forwardings

 PROTOCOL.mux |   36 ++++++++++-
 clientloop.c |   40 +++++++++---
 mux.c        |  200 ++++++++++++++++++++++++++++------------------------------
 readconf.c   |  128 +++++++++++++++++++------------------
 readconf.h   |   23 ++++---
 ssh.c        |  103 +++++++++++++++++++-----------
 sshconnect.c |    8 +-
 7 files changed, 308 insertions(+), 230 deletions(-)

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 5/6] maintain lists of forwards when changed from a mux client command line

---
 clientloop.c |   19 ++++++++++++++++++-
 1 files changed, 18 insertions(+), 1 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 6c62bb7..018df0d 100644
--- a/clientloop.c
+++ b/clientloop.c
 <at>  <at>  -933,7 +933,6  <at>  <at>  process_cmdline(void)
 	while (isspace(*++s))
 		;

-	/* XXX update list of forwards in options */
 	if (delete) {
 		cancel_port = 0;
 		cancel_host = hpdelim(&s);	/* may be NULL */
 <at>  <at>  -962,6 +961,23  <at>  <at>  process_cmdline(void)
 			logit("Unkown port forwarding.");
 			goto out;
 		}
+		for (i = 0; i < options.num_forwards; i++) {
+			Forward *efwd = options.forwards + i;
+			int listen_port = (efwd->listen_port == 0) ?
+			    efwd->allocated_port : efwd->listen_port;
+			if (fwdtype != efwd->type)
+				continue;
+			if (cancel_port != listen_port)
+				continue;
+			if ((efwd->listen_host == NULL && cancel_host != NULL) ||
+			    (efwd->listen_host != NULL && cancel_host == NULL))
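Review bot: for forwards requested with listen_port 0 the loop substitutes allocated_port, which is still 0 until the server's port reply has arrived, so if cancel_port can be 0 such a pending forward would match a cancel request for port 0; skipping entries with `efwd->listen_port == 0 && efwd->allocated_port == 0` makes the lookup unambiguous. While this change touches the function, the context line `logit("Unkown port forwarding.");` should be corrected to "Unknown".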

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 2/6] merge local and remote forward lists

---
 mux.c        |   99 ++++++++++++++++++++--------------------------------------
 readconf.c   |   87 +++++++++++++++-----------------------------------
 readconf.h   |   13 ++-----
 ssh.c        |   74 ++++++++++++++++++++++++-------------------
 sshconnect.c |    8 ++--
 5 files changed, 110 insertions(+), 171 deletions(-)

diff --git a/mux.c b/mux.c
index e7b81d1..d57c1de 100644
--- a/mux.c
+++ b/mux.c
 <at>  <at>  -584,11 +584,15  <at>  <at>  mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
 		return;
 	}
 	buffer_init(&out);
-	if (fctx->fid >= options.num_remote_forwards) {
+	if (fctx->fid >= options.num_forwards) {
 		xasprintf(&failmsg, "unknown forwarding id %d", fctx->fid);
 		goto fail;
 	}
-	rfwd = &options.remote_forwards[fctx->fid];
+	rfwd = &options.forwards[fctx->fid];
+	if (rfwd->type != SSH_FWD_REMOTE) {
+		xasprintf(&failmsg, "non-remote forwarding id %d", fctx->fid);
+		goto fail;
+	}
 	debug("%s: %s for: listen %d, connect %s:%d", __func__,
 	    type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
 	    rfwd->listen_port, rfwd->connect_host, rfwd->connect_port);
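Review bot: at this point in the series fid is still declared `int fid;` (patch 3/6 changes it to u_int), so the bounds check `if (fctx->fid >= options.num_forwards)` rejects only large values and a negative id would index before the start of options.forwards; either add `fctx->fid < 0 ||` to the condition here or reorder the series so the u_int change lands before this patch. The new SSH_FWD_REMOTE type check is the right companion to merging the two lists, since a local forward's id is now a valid index into the same array.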

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 4/6] remove closed forwardings from options

---
 mux.c      |    8 +-------
 readconf.c |   32 ++++++++++++++++++++++++++++++++
 readconf.h |    1 +
 3 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/mux.c b/mux.c
index 337ef54..c59bb97 100644
--- a/mux.c
+++ b/mux.c
 <at>  <at>  -835,13 +835,7  <at>  <at>  process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
 		buffer_put_int(r, MUX_S_OK);
 		buffer_put_int(r, rid);

-		found_fwd->type = 0;
-		if (found_fwd->listen_host != NULL)
-			xfree(found_fwd->listen_host);
-		if (found_fwd->connect_host != NULL)
-			xfree(found_fwd->connect_host);
-		found_fwd->listen_host = found_fwd->connect_host = NULL;
-		found_fwd->listen_port = found_fwd->connect_port = 0;
+		remove_forward(&options, found_fwd);
 	} else {
 		buffer_put_int(r, MUX_S_FAILURE);
 		buffer_put_int(r, rid);
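Review bot: the removed lines freed listen_host and connect_host and cleared the entry in place; remove_forward(&options, found_fwd), added in the readconf.c hunk of this patch, must free both strings as well, and if it compacts options.forwards by moving later entries down, found_fwd is a dangling pointer after the call and must not be touched again in this function. Compaction also means that any forward id derived from array position would change under the client, which is why the lookup by unique id in patch 3/6 has to search for the id rather than index with it.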
diff --git a/readconf.c b/readconf.c
index a89b07a..371570d 100644
--- a/readconf.c
+++ b/readconf.c
 <at>  <at>  -286,6 +286,38  <at>  <at>  add_forward(Options *options, const Forward *newfwd)

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 3/6] generate unique ids for forwardings to be used for identification

---
 mux.c      |   21 +++++++++++----------
 readconf.c |    6 +++++-
 readconf.h |    3 ++-
 ssh.c      |   23 ++++++++++++++++++++---
 4 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/mux.c b/mux.c
index d57c1de..337ef54 100644
--- a/mux.c
+++ b/mux.c
 <at>  <at>  -113,7 +113,7  <at>  <at>  struct mux_session_confirm_ctx {
 struct mux_channel_confirm_ctx {
 	u_int cid;	/* channel id */
 	u_int rid;	/* request id */
-	int fid;	/* forward id */
+	u_int fid;	/* forward id */
 };
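Review bot: making fid a u_int means every comparison against options.num_forwards (such as `if (fctx->fid >= options.num_forwards)` in mux_confirm_remote_forward) now mixes signed and unsigned operands unless num_forwards is unsigned too; give the counter and the id the same type so the bounds checks stay warning-free and behave as written.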

 /* fd to control socket */
 <at>  <at>  -574,9 +574,10  <at>  <at>  mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
 {
 	struct mux_channel_confirm_ctx *fctx = ctxt;
 	char *failmsg = NULL;
-	Forward *rfwd;
+	Forward *rfwd = NULL;
 	Channel *c;
 	Buffer out;
+	int i;


Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 1/6] attach the forwarding type to struct Forward

---
 clientloop.c |   21 +++++++++---------
 mux.c        |   65 ++++++++++++++++++++++++++++-----------------------------
 readconf.c   |   19 ++++++++++------
 readconf.h   |    8 ++++++-
 ssh.c        |    8 +++---
 5 files changed, 66 insertions(+), 55 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 58357cf..6c62bb7 100644
--- a/clientloop.c
+++ b/clientloop.c
 <at>  <at>  -863,7 +863,8  <at>  <at>  process_cmdline(void)
 {
 	void (*handler)(int);
 	char *s, *cmd, *cancel_host;
-	int delete = 0, local = 0, remote = 0, dynamic = 0;
+	int delete = 0, i;
+	u_int fwdtype;
 	int cancel_port, ok;
 	Forward fwd;

 <at>  <at>  -914,11 +915,11  <at>  <at>  process_cmdline(void)
 		s++;
 	}
 	if (*s == 'L')
-		local = 1;
+		fwdtype = SSH_FWD_LOCAL;
 	else if (*s == 'R')
-		remote = 1;
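Review bot: fwdtype is declared `u_int fwdtype;` without an initializer in the earlier hunk and is assigned only inside this if/else chain; if the final branch (cut off here) does not assign it, the later `fwdtype != efwd->type` comparison in patch 5/6 reads an indeterminate value. Initialize it at the declaration (the pre-series code cleared a forward's type to 0 to mark it unused, so 0 is a natural "no type" value) or make the chain end in an assigning else that rejects unknown specifiers.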

Bert Wesarg | 3 May 2012 13:33

[PATCH/RFC 6/6] [mux.c] new request to list open forwardings

---
 PROTOCOL.mux |   36 +++++++++++++++++++++++++++++++++---
 mux.c        |   31 +++++++++++++++++++++++++++++++
 2 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/PROTOCOL.mux b/PROTOCOL.mux
index 49cbe5b..26b5f8d 100644
--- a/PROTOCOL.mux
+++ b/PROTOCOL.mux
 <at>  <at>  -171,13 +171,41  <at>  <at>  and remove its listener socket.
 A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
 MUX_S_FAILURE.

-9. Status messages
+9. Request a list of open forwardings from the mux listener
+
+A client may request the master to send the list of open port forwardings.
+
+	uint32	MUX_C_LIST_FWDS
+	uint32	request id
+
+The server will reply with a MUX_S_RESULT and the following payload:
+
+	uint32	MUX_S_RESULT
+	uint32	client request id
+	[ uint32	forwarding id
+	  uint32	forwarding type
+	  string	listen host
+	  uint32	listen port
+	  string	connect host
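Review bot: the reply layout does not say how many forwarding records follow: the bracketed group has neither a preceding `uint32 number of forwardings` nor a terminator, so a reader cannot tell where the list ends, and MUX_S_RESULT is a new reply type that neither the message-number list nor the sentence "A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE." covers. Add a count field (or state that records repeat until the end of the message), assign numeric values for MUX_C_LIST_FWDS and MUX_S_RESULT in the protocol's number table, and since this hunk renames the old section 9 ("Status messages"), re-add that section as 10. For a remote forward requested with listen port 0, "listen port" should carry the allocated port that patch 5/6 reads from allocated_port, not the configured 0.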