| Commit message (Collapse) | Author | Age | Files | Lines |
At the client, the device may be obtained from a new %T expansion
for LocalCommand.
At the server, the allocated devices will be listed in a
SSH_TUNNEL variable exposed to the environment of any user sessions
started after the tunnel forwarding was established.
ok markus
|
Move static state to a "struct ssh_channels" that is allocated at
runtime and tracked as a member of struct ssh.
Explicitly pass "struct ssh" to all channels functions.
Replace use of the legacy packet APIs in channels.c.
Rework sshd_config PermitOpen handling: previously the configuration
parser would call directly into the channels layer. After the refactor
this is not possible, as the channels structures are allocated at
connection time and aren't available when the configuration is parsed.
The server config parser now tracks PermitOpen itself and explicitly
configures the channels code later.
ok markus@
|
- mux client speaks the ssh-packet protocol directly over unix-domain socket.
- mux server acts as a proxy, translates channel IDs and relays to the server.
- no file descriptor passing necessary.
- combined with unix-domain forwarding it's even possible to run mux client
and server on different machines.
feedback & ok djm@
|
forwarding when the X server disables the SECURITY extension;
Reported by Thomas Hoger; ok deraadt@
|
and call it through the detach_user function pointer. ok djm@
|
sequence is used. This means that ~. should now work in mux clients even
if the server is no longer responding. Found by tedu, ok djm.
|
socket. Use "ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
the cancellation of the specified forwardings; ok markus@
|
forwarding was refused by the server; ok markus@
|
RequestTTY=auto mode (the default), then do not treat a TTY
allocation error as fatal but rather just restore the local TTY
to cooked mode and continue. This is more graceful on devices that
never allocate TTYs.
If RequestTTY is set to "yes" or "force", then failure to allocate
a TTY is fatal.
ok markus@
|
its listener socket and refuse future multiplexing requests; ok markus@
|
authentication cookies to avoid fallback in X11 code to fully-trusted
implicit authentication using SO_PEERCRED described at:
http://lists.x.org/archives/xorg-devel/2010-May/008636.html
After the X11ForwardTimeout has expired the client will now refuse
incoming X11 channel opens.
based on patch from Tavis Ormandy; "nice" markus@
|
use with
LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
feedback and ok djm@
|
The new multiplexing code uses channels for the listener and
accepted control sockets to make the mux master non-blocking, so
no stalls when processing messages from a slave.
avoid use of fatal() in mux master protocol parsing so an errant slave
process cannot take down a running master.
implement requesting of port-forwards over multiplexed sessions. Any
port forwards requested by the slave are added to those the master has
established.
add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
document master/slave mux protocol so that other tools can use it to
control a running ssh(1). Note: there are no guarantees that this
protocol won't be incompatibly changed (though it is versioned).
feedback Salvador Fandino, dtucker@
channel changes ok markus@
|
small memory leak per session; plug it.
|
expect replies to, similar to the per-channel confirmation queue.
Use this queue to verify success or failure for remote forward
establishment in a race free way.
ok dtucker@
|
its own escape state and hook the escape filters up to muxed
channels. bz #1331
Mux slaves do not currently support the ~^Z and ~& escapes.
NB. this change cranks the mux protocol version, so a new ssh
mux client will not be able to connect to a running old ssh
mux master.
ok dtucker@
|
making the function names more consistent - making ssh.c and
clientloop.c a fair bit more readable.
ok markus@
|
with "important" channel requests that fail, in particular command exec,
shell and subsystem requests. Previously we would optimistically assume
that the requests would always succeed, which could cause hangs if they
did not (e.g. when the server runs out of fds) or were unimplemented by
the server (bz #1384)
Also, properly report failing multiplex channel requests via the mux
client stderr (subject to LogLevel in the mux master) - better than
silently failing.
most bits ok markus@ (as part of a larger diff)
|
tunnel device is opened. Also, make failures to open a tunnel device
fatal when ExitOnForwardFailure is active.
Reported by h.goebel AT goebel-consult.de; ok dtucker markus reyk deraadt
|
connections. Because of protocol limitations, the slave connections inherit
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
their own.
ok dtucker@ "put it in" deraadt@
|
later; ok deraadt@
|
ability to check its status and request it to exit; ok markus@
|
since 2.0); ok markus@
|
for ssh(1), similar to the sshd(8) option; ok beck@; with help from
jmc and dtucker@
|
depends on ordered replies.
fixes http://bugzilla.mindrot.org/show_bug.cgi?id=215; ok provos@
|
and out of sync
|
|
- () -> (void)
- no variable names
|
rename util.[ch] -> misc.[ch]