- dtucker@cvs.openbsd.org 2010/01/11 01:39:46
[ssh_config channels.c ssh.1 channels.h ssh.c] Add a 'netcat mode' (ssh -W). This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz #1618, man page help from jmc@, ok markus@
This commit is contained in:
parent
43551527dc
commit
7ad8dd21da
15
ChangeLog
15
ChangeLog
|
@ -1,4 +1,13 @@
|
||||||
20091210
|
20100111
|
||||||
|
- (dtucker) OpenBSD CVS Sync
|
||||||
|
- dtucker@cvs.openbsd.org 2010/01/11 01:39:46
|
||||||
|
[ssh_config channels.c ssh.1 channels.h ssh.c]
|
||||||
|
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
|
||||||
|
single port forward on the server. This allows, for example, using ssh as
|
||||||
|
a ProxyCommand to route connections via intermediate servers.
|
||||||
|
bz #1618, man page help from jmc@, ok markus@
|
||||||
|
|
||||||
|
20100110
|
||||||
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
|
- (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
|
||||||
Remove hacks add for RoutingDomain in preparation for its removal.
|
Remove hacks add for RoutingDomain in preparation for its removal.
|
||||||
- (dtucker) OpenBSD CVS Sync
|
- (dtucker) OpenBSD CVS Sync
|
||||||
|
@ -22,7 +31,7 @@
|
||||||
[auth.c]
|
[auth.c]
|
||||||
Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
|
Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
|
||||||
|
|
||||||
20091209
|
20100109
|
||||||
- (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
|
- (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
|
||||||
have it.
|
have it.
|
||||||
- (dtucker) [defines.h] define PRIu64 for platforms that don't have it.
|
- (dtucker) [defines.h] define PRIu64 for platforms that don't have it.
|
||||||
|
@ -59,7 +68,7 @@
|
||||||
dying. bz#1692, patch from Colin Watson via Ubuntu.
|
dying. bz#1692, patch from Colin Watson via Ubuntu.
|
||||||
- (dtucker) [defines.h] Remove now-undeeded PRIu64 define.
|
- (dtucker) [defines.h] Remove now-undeeded PRIu64 define.
|
||||||
|
|
||||||
20091208
|
20100108
|
||||||
- (dtucker) OpenBSD CVS Sync
|
- (dtucker) OpenBSD CVS Sync
|
||||||
- andreas@cvs.openbsd.org 2009/10/24 11:11:58
|
- andreas@cvs.openbsd.org 2009/10/24 11:11:58
|
||||||
[roaming.h]
|
[roaming.h]
|
||||||
|
|
31
channels.c
31
channels.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */
|
/* $OpenBSD: channels.c,v 1.301 2010/01/11 01:39:46 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1217,6 +1217,35 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Channel *
|
||||||
|
channel_connect_stdio_fwd(const char *host_to_connect, u_short port_to_connect)
|
||||||
|
{
|
||||||
|
Channel *c;
|
||||||
|
int in, out;
|
||||||
|
|
||||||
|
debug("channel_connect_stdio_fwd %s:%d", host_to_connect,
|
||||||
|
port_to_connect);
|
||||||
|
|
||||||
|
in = dup(STDIN_FILENO);
|
||||||
|
out = dup(STDOUT_FILENO);
|
||||||
|
if (in < 0 || out < 0)
|
||||||
|
fatal("channel_connect_stdio_fwd: dup() in/out failed");
|
||||||
|
|
||||||
|
c = channel_new("stdio-forward", SSH_CHANNEL_OPENING, in, out,
|
||||||
|
-1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
|
||||||
|
0, "stdio-forward", /*nonblock*/0);
|
||||||
|
|
||||||
|
c->path = xstrdup(host_to_connect);
|
||||||
|
c->host_port = port_to_connect;
|
||||||
|
c->listening_port = 0;
|
||||||
|
c->force_drain = 1;
|
||||||
|
|
||||||
|
channel_register_fds(c, in, out, -1, 0, 1, 0);
|
||||||
|
port_open_helper(c, "direct-tcpip");
|
||||||
|
|
||||||
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
/* dynamic port forwarding */
|
/* dynamic port forwarding */
|
||||||
static void
|
static void
|
||||||
channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset)
|
channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset)
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */
|
/* $OpenBSD: channels.h,v 1.102 2010/01/11 01:39:46 dtucker Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
@ -243,6 +243,7 @@ void channel_clear_adm_permitted_opens(void);
|
||||||
void channel_print_adm_permitted_opens(void);
|
void channel_print_adm_permitted_opens(void);
|
||||||
int channel_input_port_forward_request(int, int);
|
int channel_input_port_forward_request(int, int);
|
||||||
Channel *channel_connect_to(const char *, u_short, char *, char *);
|
Channel *channel_connect_to(const char *, u_short, char *, char *);
|
||||||
|
Channel *channel_connect_stdio_fwd(const char*, u_short);
|
||||||
Channel *channel_connect_by_listen_address(u_short, char *, char *);
|
Channel *channel_connect_by_listen_address(u_short, char *, char *);
|
||||||
int channel_request_remote_forwarding(const char *, u_short,
|
int channel_request_remote_forwarding(const char *, u_short,
|
||||||
const char *, u_short);
|
const char *, u_short);
|
||||||
|
|
20
ssh.1
20
ssh.1
|
@ -34,8 +34,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $
|
.\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $
|
||||||
.Dd $Mdocdate: January 9 2010 $
|
.Dd $Mdocdate: January 11 2010 $
|
||||||
.Dt SSH 1
|
.Dt SSH 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -77,12 +77,11 @@
|
||||||
.Sm on
|
.Sm on
|
||||||
.Oc
|
.Oc
|
||||||
.Op Fl S Ar ctl_path
|
.Op Fl S Ar ctl_path
|
||||||
.Bk -words
|
.Op Fl W Ar host : Ns Ar port
|
||||||
.Oo Fl w Ar local_tun Ns
|
.Oo Fl w Ar local_tun Ns
|
||||||
.Op : Ns Ar remote_tun Oc
|
.Op : Ns Ar remote_tun Oc
|
||||||
.Oo Ar user Ns @ Oc Ns Ar hostname
|
.Oo Ar user Ns @ Oc Ns Ar hostname
|
||||||
.Op Ar command
|
.Op Ar command
|
||||||
.Ek
|
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
(SSH client) is a program for logging into a remote machine and for
|
(SSH client) is a program for logging into a remote machine and for
|
||||||
|
@ -594,6 +593,19 @@ Multiple
|
||||||
.Fl v
|
.Fl v
|
||||||
options increase the verbosity.
|
options increase the verbosity.
|
||||||
The maximum is 3.
|
The maximum is 3.
|
||||||
|
.It Fl W Ar host : Ns Ar port
|
||||||
|
Requests that standard input and output on the client be forwarded to
|
||||||
|
.Ar host
|
||||||
|
on
|
||||||
|
.Ar port
|
||||||
|
over the secure channel.
|
||||||
|
Implies
|
||||||
|
.Fl N ,
|
||||||
|
.Fl T ,
|
||||||
|
.Cm ExitOnForwardFailure
|
||||||
|
and
|
||||||
|
.Cm ClearAllForwardings
|
||||||
|
and works with Protocol version 2 only.
|
||||||
.It Fl w Xo
|
.It Fl w Xo
|
||||||
.Ar local_tun Ns Op : Ns Ar remote_tun
|
.Ar local_tun Ns Op : Ns Ar remote_tun
|
||||||
.Xc
|
.Xc
|
||||||
|
|
57
ssh.c
57
ssh.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */
|
/* $OpenBSD: ssh.c,v 1.331 2010/01/11 01:39:46 dtucker Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -133,6 +133,10 @@ int stdin_null_flag = 0;
|
||||||
*/
|
*/
|
||||||
int fork_after_authentication_flag = 0;
|
int fork_after_authentication_flag = 0;
|
||||||
|
|
||||||
|
/* forward stdio to remote host and port */
|
||||||
|
char *stdio_forward_host = NULL;
|
||||||
|
int stdio_forward_port = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* General data structure for command line options and options configurable
|
* General data structure for command line options and options configurable
|
||||||
* in configuration files. See readconf.h.
|
* in configuration files. See readconf.h.
|
||||||
|
@ -186,7 +190,8 @@ usage(void)
|
||||||
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
|
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
|
||||||
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
|
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
|
||||||
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
|
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
|
||||||
" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
|
" [-W host:port] [-w local_tun[:remote_tun]]\n"
|
||||||
|
" [user@]hostname [command]\n"
|
||||||
);
|
);
|
||||||
exit(255);
|
exit(255);
|
||||||
}
|
}
|
||||||
|
@ -276,7 +281,7 @@ main(int ac, char **av)
|
||||||
|
|
||||||
again:
|
again:
|
||||||
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
|
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
|
||||||
"ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) {
|
"ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case '1':
|
case '1':
|
||||||
options.protocol = SSH_PROTO_1;
|
options.protocol = SSH_PROTO_1;
|
||||||
|
@ -389,6 +394,22 @@ main(int ac, char **av)
|
||||||
exit(255);
|
exit(255);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
case 'W':
|
||||||
|
if (parse_forward(&fwd, optarg, 1, 0)) {
|
||||||
|
stdio_forward_host = fwd.listen_host;
|
||||||
|
stdio_forward_port = fwd.listen_port;
|
||||||
|
xfree(fwd.connect_host);
|
||||||
|
} else {
|
||||||
|
fprintf(stderr,
|
||||||
|
"Bad stdio forwarding specification '%s'\n",
|
||||||
|
optarg);
|
||||||
|
exit(255);
|
||||||
|
}
|
||||||
|
no_tty_flag = 1;
|
||||||
|
no_shell_flag = 1;
|
||||||
|
options.clear_forwardings = 1;
|
||||||
|
options.exit_on_forward_failure = 1;
|
||||||
|
break;
|
||||||
case 'q':
|
case 'q':
|
||||||
options.log_level = SYSLOG_LEVEL_QUIET;
|
options.log_level = SYSLOG_LEVEL_QUIET;
|
||||||
break;
|
break;
|
||||||
|
@ -870,12 +891,42 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
client_cleanup_stdio_fwd(int id, void *arg)
|
||||||
|
{
|
||||||
|
debug("stdio forwarding: done");
|
||||||
|
cleanup_exit(0);
|
||||||
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
client_setup_stdio_fwd(const char *host_to_connect, u_short port_to_connect)
|
||||||
|
{
|
||||||
|
Channel *c;
|
||||||
|
|
||||||
|
debug3("client_setup_stdio_fwd %s:%d", host_to_connect,
|
||||||
|
port_to_connect);
|
||||||
|
if ((c = channel_connect_stdio_fwd(host_to_connect, port_to_connect))
|
||||||
|
== NULL)
|
||||||
|
return 0;
|
||||||
|
channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
ssh_init_forwarding(void)
|
ssh_init_forwarding(void)
|
||||||
{
|
{
|
||||||
int success = 0;
|
int success = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
if (stdio_forward_host != NULL) {
|
||||||
|
if (!compat20) {
|
||||||
|
fatal("stdio forwarding require Protocol 2");
|
||||||
|
}
|
||||||
|
if (!client_setup_stdio_fwd(stdio_forward_host,
|
||||||
|
stdio_forward_port))
|
||||||
|
fatal("Failed to connect in stdio forward mode.");
|
||||||
|
}
|
||||||
|
|
||||||
/* Initiate local TCP/IP port forwardings. */
|
/* Initiate local TCP/IP port forwardings. */
|
||||||
for (i = 0; i < options.num_local_forwards; i++) {
|
for (i = 0; i < options.num_local_forwards; i++) {
|
||||||
debug("Local connections to %.200s:%d forwarded to remote "
|
debug("Local connections to %.200s:%d forwarded to remote "
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
|
# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
|
||||||
|
|
||||||
# This is the ssh client system-wide configuration file. See
|
# This is the ssh client system-wide configuration file. See
|
||||||
# ssh_config(5) for more information. This file provides defaults for
|
# ssh_config(5) for more information. This file provides defaults for
|
||||||
|
@ -44,3 +44,4 @@
|
||||||
# TunnelDevice any:any
|
# TunnelDevice any:any
|
||||||
# PermitLocalCommand no
|
# PermitLocalCommand no
|
||||||
# VisualHostKey no
|
# VisualHostKey no
|
||||||
|
# ProxyCommand ssh -q -W %h:%p gateway.example.com
|
||||||
|
|
Loading…
Reference in New Issue