Re: VNC over SSH and SOCKS
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: Fri, 6 Feb 2004 23:34:33 +0000 (UTC)
In article <email@example.com>,
SKH <firstname.lastname@example.org> wrote:
>then I get a shell in B, just as I do with
> runsocks ssh B
> Now as far as port forwarding is concerned, runsocks seems to interfere
>destructively with SSH. Indeed
> runsocks ssh -L x:localhost:y FIP
>seems to fail all the time, in the same way, no matter what port numbers x
>and y I use.
There are two possible causes for this.

The first is that some "ssh" binaries are setuid root (because they need
to bind() to low-numbered ports and need to read the host private key
for some authentication methods). runsocks uses LD_PRELOAD to intercept
the function calls for connect() and friends, and for safety reasons
setuid binaries do not honour LD_PRELOAD.

The second possibility is the socks config itself. Assuming an NEC-style
config, if you have something like this in your libsocks5.conf:

    #proxy cmd dest-host dest-port [userlist [proxylist]]
    socks5 - - - - socks.my.com:1080

Then the "cmd" of "-" is a wildcard that means "send all operations
*INCLUDING* the bind() to the socks server".

Attempting to establish a port forward with this configuration will
attempt to create a listening socket on your socks server which may
not permit it.

If this is the case you can change "cmd" to "c" to socksify only the
connect() calls and not bind(), which will probably work.
-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
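
A quick check for both causes named in the reply above, added here as an example that is not part of the original post. The function names are hypothetical, the ssh binary and config file paths are supplied by the caller, and only the "cmd" value "-" described in the post is interpreted.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post).
# Usage: sh check_runsocks.sh /path/to/ssh /path/to/libsocks5.conf

# Cause 1: a setuid binary ignores LD_PRELOAD, so the runsocks
# interposer for connect()/bind() is never loaded into it.
is_setuid() {
    [ -u "$1" ]
}

# Cause 2: print "lineno: entry" for every config entry whose cmd
# field (2nd column, per the "#proxy cmd dest-host ..." layout) is
# the "-" wildcard, which also sends bind() to the socks server.
wildcard_cmd_lines() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank and comment lines
        $2 == "-" { printf "%d: %s\n", NR, $0 }
    ' "$1"
}

# Report findings; exit status is a bitmask:
#   1 = ssh is setuid, 2 = wildcard cmd entry present, 3 = both.
diagnose() {
    ssh_bin=$1
    conf=$2
    status=0
    if is_setuid "$ssh_bin"; then
        echo "cause 1: $ssh_bin is setuid, LD_PRELOAD will not be honoured"
        status=$((status + 1))
    fi
    hits=$(wildcard_cmd_lines "$conf")
    if [ -n "$hits" ]; then
        echo "cause 2: wildcard cmd in $conf also proxies bind():"
        echo "$hits"
        echo "  change cmd to \"c\" to socksify connect() only"
        status=$((status + 2))
    fi
    return "$status"
}

if [ $# -eq 2 ]; then
    diagnose "$1" "$2"
fi
```
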