openssh ssh2 with socks: No address associated to the name

From: george young (gry@ll.mit.edu)
Date: 01/17/02


From: george young <gry@ll.mit.edu>
Date: Thu, 17 Jan 2002 15:52:51 -0500


[openssh-3.1.0, Linux 2.2.14]
When trying to ssh to an outside machine from inside our firewall via socks:

   SSH_SOCKS_SERVER=socks://gry@llproxy:1080/155.34.0.0/32 ssh2 h00a0cce2f131.ne.mediaone.net

I get
   ssh2: FATAL: Connecting to h00a0cce2f131.ne.mediaone.net failed: No address associated to the name

This works fine if I specify the destination as an IP address. Our firewall does not
provide outside dns info, so I know a gethostbyname() will fail, but ssh shouldn't NEED
the dns info -- that's taken care of by the socks server on the firewall. I know this
because a kludgy workaround with a helper process does work.

Is there some clean way around this? Is there a way to configure the ssh socks code to not
query dns (or ignore dns failure)?

Getting dns inside our firewall is not an option :-( .

-- 
 I cannot think why the whole bed of the ocean is
 not one solid mass of oysters, so prolific they seem. Ah,
 I am wandering! Strange how the brain controls the brain!
	-- Sherlock Holmes in "The Dying Detective"
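
The behaviour asked for above, where the client never resolves the name and hands it to the SOCKS server instead, is what SOCKS4a and the SOCKS5 domain-name address type (RFC 1928) provide. The sketch below is an added example, not part of the original post and not ssh2's code; the function names are hypothetical and 192.0.2.10 is a constructed address.

```python
import ipaddress
import struct


def socks4_connect(host: str, port: int, user: str = "") -> bytes:
    """Build a SOCKS4 CONNECT for an IPv4 literal, or SOCKS4a for a name."""
    try:
        addr = ipaddress.IPv4Address(host).packed
        name = b""
    except ipaddress.AddressValueError:
        # SOCKS4a: destination 0.0.0.x (x != 0) means "hostname follows the
        # userid; the proxy resolves it". No local DNS lookup is made.
        addr = b"\x00\x00\x00\x01"
        name = host.encode("idna") + b"\x00"
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL [, hostname, NUL]
    return struct.pack(">BBH", 4, 1, port) + addr + user.encode() + b"\x00" + name


def socks5_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (sent after method negotiation)."""
    try:
        ip = ipaddress.ip_address(host)
        atyp = 1 if ip.version == 4 else 4       # IPv4 or IPv6 literal
        dst = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp = 3                                  # DOMAINNAME: proxy resolves
        dst = bytes([len(name)]) + name
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP, DST.ADDR, DST.PORT
    return bytes([5, 1, 0, atyp]) + dst + struct.pack(">H", port)


if __name__ == "__main__":
    target = "h00a0cce2f131.ne.mediaone.net"      # hostname from the post
    print("SOCKS4a:", socks4_connect(target, 22, "gry").hex())
    print("SOCKS5 :", socks5_connect(target, 22).hex())
    print("SOCKS5 :", socks5_connect("192.0.2.10", 22).hex())  # constructed IP
```

Neither function calls a resolver, so a host with no outside DNS can still build the request; whether a given client exposes this mode is a separate question.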


