author | 2016-09-30 09:19:13 +0000 | |
---|---|---|
committer | 2016-09-30 09:19:13 +0000 | |
commit | e5d0575211d5043584294c9623fed8c14f595809 (patch) | |
tree | 841dc81c7632cd9687a45f06b4588d612a3fa234 /usr.bin/ssh/ssh.c | |
parent | Set the device rate to the calculated rate. Otherwise, the signal (diff) | |
ssh proxy mux mode (-O proxy; idea from Simon Tatham):
- mux client speaks the ssh-packet protocol directly over unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no filedescriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client
and server on different machines.
feedback & ok djm@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
-rw-r--r-- | usr.bin/ssh/ssh.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 2425543e25e..d6395d412f2 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.446 2016/09/12 23:31:27 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.447 2016/09/30 09:19:13 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -198,10 +198,6 @@ static int ssh_session2(void);
 static void load_public_identity_files(void);
 static void main_sigchld_handler(int);
-/* from muxclient.c */
-void muxclient(const char *);
-void muxserver_listen(void);
-
 /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */
 static void
 tilde_expand_paths(char **paths, u_int num_paths)
@@ -638,6 +634,8 @@ main(int ac, char **av)
 muxclient_command = SSHMUX_COMMAND_STOP;
 else if (strcmp(optarg, "cancel") == 0)
 muxclient_command = SSHMUX_COMMAND_CANCEL_FWD;
+ else if (strcmp(optarg, "proxy") == 0)
+ muxclient_command = SSHMUX_COMMAND_PROXY;
 else
 fatal("Invalid multiplex command.");
 break;
@@ -1131,7 +1129,8 @@ main(int ac, char **av)
 tty_flag = options.request_tty != REQUEST_TTY_NO;
 /* Force no tty */
- if (options.request_tty == REQUEST_TTY_NO || muxclient_command != 0)
+ if (options.request_tty == REQUEST_TTY_NO ||
+ (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY))
 tty_flag = 0;
 /* Do not allocate a tty if stdin is not a tty. */
 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
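Review bot: The rewritten condition under `/* Force no tty */` tests `muxclient_command` by truthiness, while the line it replaces and the ControlPath check later in main() both compare with `!= 0`; writing `(muxclient_command != 0 && muxclient_command != SSHMUX_COMMAND_PROXY)` keeps the tests uniform. The comment above it is now incomplete, because proxy mode is the one mux command that keeps `tty_flag`; `/* Force no tty, except in mux proxy mode where this process runs the session itself */` would say so (the reason is inferred from the commit message). main() starts and ends outside the hunk.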
@@ -1206,8 +1205,16 @@ main(int ac, char **av)
 if (muxclient_command != 0 && options.control_path == NULL)
 fatal("No ControlPath specified for \"-O\" command");
- if (options.control_path != NULL)
- muxclient(options.control_path);
+ if (options.control_path != NULL) {
+ int sock;
+ if ((sock = muxclient(options.control_path)) >= 0) {
+ packet_set_connection(sock, sock);
+ ssh = active_state; /* XXX */
+ enable_compat20(); /* XXX */
+ packet_set_mux();
+ goto skip_connect;
+ }
+ }
 /*
 * If hostname canonicalisation was not enabled, then we may not
@@ -1394,6 +1401,7 @@ main(int ac, char **av)
 options.certificate_files[i] = NULL;
 }
+ skip_connect:
 exit_status = compat20 ? ssh_session2() : ssh_session();
 packet_close();
@@ -1904,7 +1912,8 @@ ssh_session2(void)
 ssh_init_forwarding();
 /* Start listening for multiplex clients */
- muxserver_listen();
+ if (!packet_get_mux())
+ muxserver_listen();
 /*
 * If we are in control persist mode and have a working mux listen |
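Review bot: The `goto skip_connect` path attaches the packet layer to the control socket and then bypasses roughly 190 lines of main() (from about line 1215 to the label near line 1404), and nothing in the hunk records which of the skipped steps `ssh_session2()` can safely do without. Going by the commit message, the client now speaks the ssh packet protocol over the unix-domain socket, so access to the ControlPath socket is presumably the only thing protecting the proxied connection from a local peer; that matters more once the socket is forwarded to another machine. A comment before `packet_set_connection(sock, sock);` such as `/* proxy mode: session runs over the mux socket; its only protection is ControlPath access control */` would make that trust assumption reviewable (wording to be confirmed against mux.c). The two bare `/* XXX */` markers should say what is provisional about `ssh = active_state` and `enable_compat20()`. The label is added in the next hunk, and main() starts and ends outside both.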
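Review bot: The new `if (!packet_get_mux())` guard in ssh_session2() has no comment, and the existing `/* Start listening for multiplex clients */` no longer describes the proxy case; `/* Start listening for multiplex clients, unless we are a mux proxy client ourselves */` would cover it. `ssh_init_forwarding()` on the line above still runs unguarded, so it is worth confirming that forwarding options given to a proxy-mode client are meant to be set up in this process. The control-persist block that follows lies outside the hunk, so whether it needs the same guard cannot be judged from this page.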