Re: VNC over SSH and SOCKS

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 02/07/04

  • Next message: PT Wang: "Re: Windows + Cygwin question"
    Date: Fri, 6 Feb 2004 23:34:33 +0000 (UTC)
    
    

    In article <pan.2004.02.05.16.59.06.881922@yoyodyne.net>,
    SKH <skh@yoyodyne.net> wrote:
    [snip]
    >then I get a shell in B, just as I do with
    >
    > runsocks ssh B
    >
    > Now as far as port forwarding is concerned, runsocks seems to interfere
    >destructively with SSH. Indeed
    >
    > runsocks ssh -L x:localhost:y FIP
    >
    >seems to fail all the time, in the same way, no matter what port numbers x
    >and y I use.
    [snip]

    There are two possible causes for this.

    The first is that some "ssh" binaries are setuid root (because they need
    to bind() to low-numbered ports and need to read the host private key
    for some authentication methods). runsocks uses LD_PRELOAD to intercept
    the function calls for connect() and friends, and for safety reasons
    setuid binaries do not honour LD_PRELOAD.

    The second possibility is the socks config itself. Assuming an NEC-style
    config, if you have something like this in your libsocks5.conf:
    #proxy cmd dest-host dest-port [userlist [proxylist]]
    socks5 - - - - socks.my.com:1080

    Then the "cmd" of "-" is a wildcard that means "send all operations
    *INCLUDING* the bind() to the socks server".

    Attempting to establish a port forward with this configuration will
    attempt to create a listening socket on your socks server which may
    not permit it.

    If this is the can you can change "cmd" to "c" to socksify only the
    connect() calls and not bind(), which will probably work.

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
        Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    

  • Next message: PT Wang: "Re: Windows + Cygwin question"