From efad7275170c877e5ccb442b6eb99c7d3675622a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 22 Sep 2011 21:33:53 +1000 Subject: - djm@cvs.openbsd.org 2011/08/26 01:45:15 [ssh.1] Add some missing ssh_config(5) options that can be used in ssh(1)'s -o argument. Patch from duclare AT guu.fi --- ssh.1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ssh.1 b/ssh.1 index 9c1ca4b16..fbdddc7d1 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.320 2011/08/02 01:22:11 djm Exp $ -.Dd $Mdocdate: August 2 2011 $ +.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $ +.Dd $Mdocdate: August 26 2011 $ .Dt SSH 1 .Os .Sh NAME @@ -419,11 +419,13 @@ For full details of the options listed below, and their possible values, see .It ConnectTimeout .It ControlMaster .It ControlPath +.It ControlPersist .It DynamicForward .It EscapeChar .It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 +.It ForwardX11Timeout .It ForwardX11Trusted .It GatewayPorts .It GlobalKnownHostsFile @@ -438,6 +440,7 @@ For full details of the options listed below, and their possible values, see .It IdentityFile .It IdentitiesOnly .It IPQoS +.It KbdInteractiveAuthentication .It KbdInteractiveDevices .It KexAlgorithms .It LocalCommand -- cgit v1.2.3 From ff773644e6892e6d3999b0e0c69f05b56705eabc Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 22 Sep 2011 21:39:48 +1000 Subject: - markus@cvs.openbsd.org 2011/09/10 22:26:34 [channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@ --- ChangeLog | 4 ++++ channels.c | 14 +++++++++++--- channels.h | 6 ++++-- clientloop.c | 34 +++++++++++++++++++++++----------- ssh.1 | 19 ++++++++++++++----- 5 files changed, 56 insertions(+), 21 deletions(-) (limited to 'ssh.1') 
diff --git a/ChangeLog b/ChangeLog index b31ee81cd..d1c4b3e65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -56,6 +56,10 @@ support for cancelling local and remote port forwards via the multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request the cancellation of the specified forwardings; ok markus@ + - markus@cvs.openbsd.org 2011/09/10 22:26:34 + [channels.c channels.h clientloop.c ssh.1] + support cancellation of local/dynamic forwardings from ~C commandline; + ok & feedback djm@ 20110909 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From diff --git a/channels.c b/channels.c index 0f7e1a872..b6663de8f 100644 --- a/channels.c +++ b/channels.c @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.312 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.313 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -2844,7 +2844,7 @@ channel_cancel_rport_listener(const char *host, u_short port) int channel_cancel_lport_listener(const char *lhost, u_short lport, - u_short cport, int gateway_ports) + int cport, int gateway_ports) { u_int i; int found = 0; @@ -2854,8 +2854,16 @@ channel_cancel_lport_listener(const char *lhost, u_short lport, Channel *c = channels[i]; if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) continue; - if (c->listening_port != lport || c->host_port != cport) + if (c->listening_port != lport) continue; + if (cport == CHANNEL_CANCEL_PORT_STATIC) { + /* skip dynamic forwardings */ + if (c->host_port == 0) + continue; + } else { + if (c->host_port != cport) + continue; + } if ((c->listening_addr == NULL && addr != NULL) || (c->listening_addr != NULL && addr == NULL)) continue; diff --git a/channels.h b/channels.h index 37af32289..ff84ea54f 100644 --- a/channels.h +++ b/channels.h 
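Review bot: The `cport` argument of `channel_cancel_lport_listener` now carries three meanings in the matching loop of the `@@ -2854` hunk, and none of them is documented at the function. `CHANNEL_CANCEL_PORT_STATIC` matches any listener whose `host_port` is non-zero, `0` matches listeners whose `host_port` is 0 (the dynamic ones, per the inline comment), and any other value must equal `host_port` exactly. A comment above the function such as `/* cport: CHANNEL_CANCEL_PORT_STATIC = any static forward, 0 = dynamic forward, else exact host port */` would record that contract. The widened `int` also admits other negative values, which presumably never match a real `host_port` and just return "not found", so rejecting them up front may be worthwhile. The signature sits in the preceding hunk and the rest of the body is outside this one.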
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.106 2011/09/09 22:46:44 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.107 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen @@ -57,6 +57,8 @@ #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ #define SSH_CHANNEL_MAX_TYPE 17 +#define CHANNEL_CANCEL_PORT_STATIC -1 + struct Channel; typedef struct Channel Channel; @@ -265,7 +267,7 @@ int channel_setup_local_fwd_listener(const char *, u_short, int channel_request_rforward_cancel(const char *host, u_short port); int channel_setup_remote_fwd_listener(const char *, u_short, int *, int); int channel_cancel_rport_listener(const char *, u_short); -int channel_cancel_lport_listener(const char *, u_short, u_short, int); +int channel_cancel_lport_listener(const char *, u_short, int, int); /* x11 forwarding */ diff --git a/clientloop.c b/clientloop.c index c19b01f19..1339521f4 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.236 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.237 2011/09/10 22:26:34 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -839,9 +839,8 @@ process_cmdline(void) { void (*handler)(int); char *s, *cmd, *cancel_host; - int delete = 0; - int local = 0, remote = 0, dynamic = 0; - int cancel_port; + int delete = 0, local = 0, remote = 0, dynamic = 0; + int cancel_port, ok; Forward fwd; bzero(&fwd, sizeof(fwd)); @@ -867,8 +866,12 @@ process_cmdline(void) "Request remote forward"); logit(" -D[bind_address:]port " "Request dynamic forward"); + logit(" -KL[bind_address:]port " + "Cancel local forward"); logit(" -KR[bind_address:]port " "Cancel remote forward"); + logit(" -KD[bind_address:]port " + "Cancel dynamic forward"); if (!options.permit_local_command) goto out; logit(" !args " 
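Review bot: `CHANNEL_CANCEL_PORT_STATIC` is introduced in the `@@ -57` hunk as a bare `-1` with no parentheses and no comment explaining its role. Parenthesizing a negative macro value is the usual defensive form, so `#define CHANNEL_CANCEL_PORT_STATIC (-1)` is preferable even though the visible uses (an equality test and a function argument) are unaffected. A short comment such as `/* cport value for channel_cancel_lport_listener(): match any non-dynamic local forward */` would also tell readers of the header why the third parameter of that prototype changes from `u_short` to `int` in the last hunk of this file.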
@@ -897,11 +900,7 @@ process_cmdline(void) goto out; } - if ((local || dynamic) && delete) { - logit("Not supported."); - goto out; - } - if (remote && delete && !compat20) { + if (delete && !compat20) { logit("Not supported for SSH protocol version 1."); goto out; } @@ -924,7 +923,21 @@ process_cmdline(void) logit("Bad forwarding close port"); goto out; } - channel_request_rforward_cancel(cancel_host, cancel_port); + if (remote) + ok = channel_request_rforward_cancel(cancel_host, + cancel_port) == 0; + else if (dynamic) + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, 0, options.gateway_ports) > 0; + else + ok = channel_cancel_lport_listener(cancel_host, + cancel_port, CHANNEL_CANCEL_PORT_STATIC, + options.gateway_ports) > 0; + if (!ok) { + logit("Unkown port forwarding."); + goto out; + } + logit("Canceled forwarding."); } else { if (!parse_forward(&fwd, s, dynamic, remote)) { logit("Bad forwarding specification."); @@ -945,7 +958,6 @@ process_cmdline(void) goto out; } } - logit("Forwarding port."); } diff --git a/ssh.1 b/ssh.1 index fbdddc7d1..67a42cb5d 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.321 2011/08/26 01:45:15 djm Exp $ -.Dd $Mdocdate: August 26 2011 $ +.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $ +.Dd $Mdocdate: September 10 2011 $ .Dt SSH 1 .Os .Sh NAME 
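Review bot: The failure message added in the cancel branch of the `@@ -924` hunk is misspelled: `logit("Unkown port forwarding.");` should read `logit("Unknown port forwarding.");`, which matters to anyone searching client output for it. In the same branch the dynamic case passes a bare `0` as `cport` while the static case uses the named `CHANNEL_CANCEL_PORT_STATIC`; a comment on that call such as `/* cport 0 selects dynamic (SOCKS) listeners */` would make the pairing readable. For the remote case `ok` only reflects that `channel_request_rforward_cancel` returned 0, so "Canceled forwarding." may be printed before the peer has acted on the request; that depends on the callee, which this diff does not show. `process_cmdline` starts and ends outside this hunk.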
@@ -899,11 +899,20 @@ Currently this allows the addition of port forwardings using the and .Fl D options (see above). -It also allows the cancellation of existing remote port-forwardings -using +It also allows the cancellation of existing port-forwardings +with +.Sm off +.Fl KL Oo Ar bind_address : Oc Ar port +.Sm on +for local, +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port +.Sm on +for remote and .Sm off -.Fl KR Oo Ar bind_address : Oc Ar port . +.Fl KD Oo Ar bind_address : Oc Ar port .Sm on +for dynamic port-forwardings. .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand -- cgit v1.2.3 From 1bcbd0a9de64b3c633e2293c74c750908aac2af4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 22 Sep 2011 21:40:45 +1000 Subject: - okan@cvs.openbsd.org 2011/09/11 06:59:05 [ssh.1] document new -O cancel command; ok djm@ --- ChangeLog | 3 +++ ssh.1 | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ChangeLog b/ChangeLog index d1c4b3e65..f4baa4ebe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -60,6 +60,9 @@ [channels.c channels.h clientloop.c ssh.1] support cancellation of local/dynamic forwardings from ~C commandline; ok & feedback djm@ + - okan@cvs.openbsd.org 2011/09/11 06:59:05 + [ssh.1] + document new -O cancel command; ok djm@ 20110909 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From diff --git a/ssh.1 b/ssh.1 index 67a42cb5d..ac61326e8 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.322 2011/09/10 22:26:34 markus Exp $ -.Dd $Mdocdate: September 10 2011 $ +.\" $OpenBSD: ssh.1,v 1.323 2011/09/11 06:59:05 okan Exp $ +.Dd $Mdocdate: September 11 2011 $ .Dt SSH 1 .Os .Sh NAME 
@@ -393,6 +393,8 @@ Valid commands are: (check that the master process is running), .Dq forward (request forwardings without command execution), +.Dq cancel +(cancel forwardings), .Dq exit (request the master to exit), and .Dq stop -- cgit v1.2.3