author | Darren Tucker <dtucker@zip.com.au> | 2010-01-12 19:40:27 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-12 19:40:27 +1100 |
commit | 7ad8dd21da5e2a2687fdff14142b70f1587f96ce (patch) | |
tree | 5d8e196d1a258b7dc837ae529e4d945d30014aaf | |
parent | 43551527dc1cc9f18561c4816960440de2ce289b (diff) |
- dtucker@cvs.openbsd.org 2010/01/11 01:39:46
[ssh_config channels.c ssh.1 channels.h ssh.c]
Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
single port forward on the server. This allows, for example, using ssh as
a ProxyCommand to route connections via intermediate servers.
bz #1618, man page help from jmc@, ok markus@
-rw-r--r-- | ChangeLog | 15 | ||||
-rw-r--r-- | channels.c | 31 | ||||
-rw-r--r-- | channels.h | 3 | ||||
-rw-r--r-- | ssh.1 | 20 | ||||
-rw-r--r-- | ssh.c | 57 | ||||
-rw-r--r-- | ssh_config | 3 |
6 files changed, 116 insertions, 13 deletions
@@ -1,4 +1,13 @@ | |||
1 | 20091210 | 1 | 20100111 |
2 | - (dtucker) OpenBSD CVS Sync | ||
3 | - dtucker@cvs.openbsd.org 2010/01/11 01:39:46 | ||
4 | [ssh_config channels.c ssh.1 channels.h ssh.c] | ||
5 | Add a 'netcat mode' (ssh -W). This connects stdio on the client to a | ||
6 | single port forward on the server. This allows, for example, using ssh as | ||
7 | a ProxyCommand to route connections via intermediate servers. | ||
8 | bz #1618, man page help from jmc@, ok markus@ | ||
9 | |||
10 | 20100110 | ||
2 | - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] | 11 | - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] |
3 | Remove hacks add for RoutingDomain in preparation for its removal. | 12 | Remove hacks add for RoutingDomain in preparation for its removal. |
4 | - (dtucker) OpenBSD CVS Sync | 13 | - (dtucker) OpenBSD CVS Sync |
@@ -22,7 +31,7 @@ | |||
22 | [auth.c] | 31 | [auth.c] |
23 | Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ | 32 | Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ |
24 | 33 | ||
25 | 20091209 | 34 | 20100109 |
26 | - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't | 35 | - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't |
27 | have it. | 36 | have it. |
28 | - (dtucker) [defines.h] define PRIu64 for platforms that don't have it. | 37 | - (dtucker) [defines.h] define PRIu64 for platforms that don't have it. |
@@ -59,7 +68,7 @@ | |||
59 | dying. bz#1692, patch from Colin Watson via Ubuntu. | 68 | dying. bz#1692, patch from Colin Watson via Ubuntu. |
60 | - (dtucker) [defines.h] Remove now-undeeded PRIu64 define. | 69 | - (dtucker) [defines.h] Remove now-undeeded PRIu64 define. |
61 | 70 | ||
62 | 20091208 | 71 | 20100108 |
63 | - (dtucker) OpenBSD CVS Sync | 72 | - (dtucker) OpenBSD CVS Sync |
64 | - andreas@cvs.openbsd.org 2009/10/24 11:11:58 | 73 | - andreas@cvs.openbsd.org 2009/10/24 11:11:58 |
65 | [roaming.h] | 74 | [roaming.h] |
diff --git a/channels.c b/channels.c index 87dbe96d3..e8589d8c4 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.300 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.301 2010/01/11 01:39:46 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1217,6 +1217,35 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1217 | return 1; | 1217 | return 1; |
1218 | } | 1218 | } |
1219 | 1219 | ||
1220 | Channel * | ||
1221 | channel_connect_stdio_fwd(const char *host_to_connect, u_short port_to_connect) | ||
1222 | { | ||
1223 | Channel *c; | ||
1224 | int in, out; | ||
1225 | |||
1226 | debug("channel_connect_stdio_fwd %s:%d", host_to_connect, | ||
1227 | port_to_connect); | ||
1228 | |||
1229 | in = dup(STDIN_FILENO); | ||
1230 | out = dup(STDOUT_FILENO); | ||
1231 | if (in < 0 || out < 0) | ||
1232 | fatal("channel_connect_stdio_fwd: dup() in/out failed"); | ||
1233 | |||
1234 | c = channel_new("stdio-forward", SSH_CHANNEL_OPENING, in, out, | ||
1235 | -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | ||
1236 | 0, "stdio-forward", /*nonblock*/0); | ||
1237 | |||
1238 | c->path = xstrdup(host_to_connect); | ||
1239 | c->host_port = port_to_connect; | ||
1240 | c->listening_port = 0; | ||
1241 | c->force_drain = 1; | ||
1242 | |||
1243 | channel_register_fds(c, in, out, -1, 0, 1, 0); | ||
1244 | port_open_helper(c, "direct-tcpip"); | ||
1245 | |||
1246 | return c; | ||
1247 | } | ||
1248 | |||
1220 | /* dynamic port forwarding */ | 1249 | /* dynamic port forwarding */ |
1221 | static void | 1250 | static void |
1222 | channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset) | 1251 | channel_pre_dynamic(Channel *c, fd_set *readset, fd_set *writeset) |
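Review bot: channel_connect_stdio_fwd (new-side lines 1220-1247) arrives without a header comment, although the neighbouring definition carries one (`/* dynamic port forwarding */`) and the contract here is not obvious: the only failure the body checks is dup(), which ends in fatal(), the channel_new() result is dereferenced unchecked on the next line, and no visible path returns NULL, yet the caller added in ssh.c compares the result against NULL. Either the comment should state that the function never returns NULL or that caller's check is dead code. Something like `/* Forward the client's stdin/stdout to host_to_connect:port_to_connect over a direct-tcpip channel. dup()s STDIN/STDOUT and fatal()s if that fails; never returns NULL. Caller registers the cleanup. */` above the definition would settle it.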
diff --git a/channels.h b/channels.h index f65a311dc..79ebe047a 100644 --- a/channels.h +++ b/channels.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.h,v 1.101 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.102 2010/01/11 01:39:46 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -243,6 +243,7 @@ void channel_clear_adm_permitted_opens(void); | |||
243 | void channel_print_adm_permitted_opens(void); | 243 | void channel_print_adm_permitted_opens(void); |
244 | int channel_input_port_forward_request(int, int); | 244 | int channel_input_port_forward_request(int, int); |
245 | Channel *channel_connect_to(const char *, u_short, char *, char *); | 245 | Channel *channel_connect_to(const char *, u_short, char *, char *); |
246 | Channel *channel_connect_stdio_fwd(const char*, u_short); | ||
246 | Channel *channel_connect_by_listen_address(u_short, char *, char *); | 247 | Channel *channel_connect_by_listen_address(u_short, char *, char *); |
247 | int channel_request_remote_forwarding(const char *, u_short, | 248 | int channel_request_remote_forwarding(const char *, u_short, |
248 | const char *, u_short); | 249 | const char *, u_short); |
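Review bot: The new prototype at line 246 spells the pointer parameter `const char*`, while every neighbouring declaration in this block writes `const char *`. `Channel *channel_connect_stdio_fwd(const char *, u_short);` keeps the header consistent with its surroundings.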
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.289 2010/01/09 23:04:13 dtucker Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $ |
38 | .Dd $Mdocdate: January 9 2010 $ | 38 | .Dd $Mdocdate: January 11 2010 $ |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -77,12 +77,11 @@ | |||
77 | .Sm on | 77 | .Sm on |
78 | .Oc | 78 | .Oc |
79 | .Op Fl S Ar ctl_path | 79 | .Op Fl S Ar ctl_path |
80 | .Bk -words | 80 | .Op Fl W Ar host : Ns Ar port |
81 | .Oo Fl w Ar local_tun Ns | 81 | .Oo Fl w Ar local_tun Ns |
82 | .Op : Ns Ar remote_tun Oc | 82 | .Op : Ns Ar remote_tun Oc |
83 | .Oo Ar user Ns @ Oc Ns Ar hostname | 83 | .Oo Ar user Ns @ Oc Ns Ar hostname |
84 | .Op Ar command | 84 | .Op Ar command |
85 | .Ek | ||
86 | .Sh DESCRIPTION | 85 | .Sh DESCRIPTION |
87 | .Nm | 86 | .Nm |
88 | (SSH client) is a program for logging into a remote machine and for | 87 | (SSH client) is a program for logging into a remote machine and for |
@@ -594,6 +593,19 @@ Multiple | |||
594 | .Fl v | 593 | .Fl v |
595 | options increase the verbosity. | 594 | options increase the verbosity. |
596 | The maximum is 3. | 595 | The maximum is 3. |
596 | .It Fl W Ar host : Ns Ar port | ||
597 | Requests that standard input and output on the client be forwarded to | ||
598 | .Ar host | ||
599 | on | ||
600 | .Ar port | ||
601 | over the secure channel. | ||
602 | Implies | ||
603 | .Fl N , | ||
604 | .Fl T , | ||
605 | .Cm ExitOnForwardFailure | ||
606 | and | ||
607 | .Cm ClearAllForwardings | ||
608 | and works with Protocol version 2 only. | ||
597 | .It Fl w Xo | 609 | .It Fl w Xo |
598 | .Ar local_tun Ns Op : Ns Ar remote_tun | 610 | .Ar local_tun Ns Op : Ns Ar remote_tun |
599 | .Xc | 611 | .Xc |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.330 2010/01/09 23:04:13 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.331 2010/01/11 01:39:46 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -133,6 +133,10 @@ int stdin_null_flag = 0; | |||
133 | */ | 133 | */ |
134 | int fork_after_authentication_flag = 0; | 134 | int fork_after_authentication_flag = 0; |
135 | 135 | ||
136 | /* forward stdio to remote host and port */ | ||
137 | char *stdio_forward_host = NULL; | ||
138 | int stdio_forward_port = 0; | ||
139 | |||
136 | /* | 140 | /* |
137 | * General data structure for command line options and options configurable | 141 | * General data structure for command line options and options configurable |
138 | * in configuration files. See readconf.h. | 142 | * in configuration files. See readconf.h. |
@@ -186,7 +190,8 @@ usage(void) | |||
186 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" | 190 | " [-i identity_file] [-L [bind_address:]port:host:hostport]\n" |
187 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | 191 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
188 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" | 192 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
189 | " [-w local_tun[:remote_tun]] [user@]hostname [command]\n" | 193 | " [-W host:port] [-w local_tun[:remote_tun]]\n" |
194 | " [user@]hostname [command]\n" | ||
190 | ); | 195 | ); |
191 | exit(255); | 196 | exit(255); |
192 | } | 197 | } |
@@ -276,7 +281,7 @@ main(int ac, char **av) | |||
276 | 281 | ||
277 | again: | 282 | again: |
278 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" | 283 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" |
279 | "ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) { | 284 | "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { |
280 | switch (opt) { | 285 | switch (opt) { |
281 | case '1': | 286 | case '1': |
282 | options.protocol = SSH_PROTO_1; | 287 | options.protocol = SSH_PROTO_1; |
@@ -389,6 +394,22 @@ main(int ac, char **av) | |||
389 | exit(255); | 394 | exit(255); |
390 | } | 395 | } |
391 | break; | 396 | break; |
397 | case 'W': | ||
398 | if (parse_forward(&fwd, optarg, 1, 0)) { | ||
399 | stdio_forward_host = fwd.listen_host; | ||
400 | stdio_forward_port = fwd.listen_port; | ||
401 | xfree(fwd.connect_host); | ||
402 | } else { | ||
403 | fprintf(stderr, | ||
404 | "Bad stdio forwarding specification '%s'\n", | ||
405 | optarg); | ||
406 | exit(255); | ||
407 | } | ||
408 | no_tty_flag = 1; | ||
409 | no_shell_flag = 1; | ||
410 | options.clear_forwardings = 1; | ||
411 | options.exit_on_forward_failure = 1; | ||
412 | break; | ||
392 | case 'q': | 413 | case 'q': |
393 | options.log_level = SYSLOG_LEVEL_QUIET; | 414 | options.log_level = SYSLOG_LEVEL_QUIET; |
394 | break; | 415 | break; |
@@ -871,11 +892,41 @@ ssh_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
871 | } | 892 | } |
872 | 893 | ||
873 | static void | 894 | static void |
895 | client_cleanup_stdio_fwd(int id, void *arg) | ||
896 | { | ||
897 | debug("stdio forwarding: done"); | ||
898 | cleanup_exit(0); | ||
899 | } | ||
900 | |||
901 | static int | ||
902 | client_setup_stdio_fwd(const char *host_to_connect, u_short port_to_connect) | ||
903 | { | ||
904 | Channel *c; | ||
905 | |||
906 | debug3("client_setup_stdio_fwd %s:%d", host_to_connect, | ||
907 | port_to_connect); | ||
908 | if ((c = channel_connect_stdio_fwd(host_to_connect, port_to_connect)) | ||
909 | == NULL) | ||
910 | return 0; | ||
911 | channel_register_cleanup(c->self, client_cleanup_stdio_fwd, 0); | ||
912 | return 1; | ||
913 | } | ||
914 | |||
915 | static void | ||
874 | ssh_init_forwarding(void) | 916 | ssh_init_forwarding(void) |
875 | { | 917 | { |
876 | int success = 0; | 918 | int success = 0; |
877 | int i; | 919 | int i; |
878 | 920 | ||
921 | if (stdio_forward_host != NULL) { | ||
922 | if (!compat20) { | ||
923 | fatal("stdio forwarding require Protocol 2"); | ||
924 | } | ||
925 | if (!client_setup_stdio_fwd(stdio_forward_host, | ||
926 | stdio_forward_port)) | ||
927 | fatal("Failed to connect in stdio forward mode."); | ||
928 | } | ||
929 | |||
879 | /* Initiate local TCP/IP port forwardings. */ | 930 | /* Initiate local TCP/IP port forwardings. */ |
880 | for (i = 0; i < options.num_local_forwards; i++) { | 931 | for (i = 0; i < options.num_local_forwards; i++) { |
881 | debug("Local connections to %.200s:%d forwarded to remote " | 932 | debug("Local connections to %.200s:%d forwarded to remote " |
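Review bot: The new `case 'W'` in main() (new-side lines 397-412) accepts the option any number of times: a second -W silently overwrites stdio_forward_host, dropping the string the earlier parse_forward() call apparently allocated (the adjacent xfree(fwd.connect_host) suggests heap ownership), and the last one wins without any diagnostic. A guard before the parse, `if (stdio_forward_host != NULL) fatal("stdio forward already specified");`, makes the mistake visible instead. If parse_forward() in dynamic mode also accepts a bare port (as it would for -D), `-W port` would leave fwd.listen_host NULL, so ssh_init_forwarding would skip the stdio forward while no_tty_flag and no_shell_flag stay set; a `fwd.listen_host == NULL` check after the parse would close that gap, but I cannot confirm parse_forward's behaviour from this page. Separately, the message at new-side line 923 should read `fatal("stdio forwarding requires Protocol 2");`. Both main() and ssh_init_forwarding extend beyond the hunks shown.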
diff --git a/ssh_config b/ssh_config index f28d59583..18936740f 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $ | 1 | # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -44,3 +44,4 @@ | |||
44 | # TunnelDevice any:any | 44 | # TunnelDevice any:any |
45 | # PermitLocalCommand no | 45 | # PermitLocalCommand no |
46 | # VisualHostKey no | 46 | # VisualHostKey no |
47 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | ||