lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200606210107.k5L17EiG008022@asti.maths.usyd.edu.au>
Date: Wed Jun 21 02:07:53 2006
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: dns tunneling with win32 client / ProxyCommand

Stefan,

>> I do not think putty has any proxying capabilities. Have a look at
>>
>>   http://www.maths.usyd.edu.au/u/psz/ssh-with-skey
>>
>> which does essentially what you want: instead of invoking the proxy from
>> within ssh/putty, have the proxy invoke ssh/putty. ...
>
> PUTTY supports using remote proxy but it doesn't support any proxy
> command like calling a file as proxy.
> That's the method you use to establish ssh tunnel over dns. You invoke
> ssh but instruct it to use droute.pl to tunnel/route ssh connection
> over dns packets to destination
> (http://www.doxpara.com/ozymandns_src_0.1.tgz).
>
> So i can't follow what's the whole purpose to let proxy invoke ssh.
> (you must use droute.pl for establishing dns tunnel). Please explain.
> :)

You want ssh not to open the communication channel by itself (normally to
server:22), but have droute do the communicating. With UNIX (or cygwin) you
can use ProxyCommand to achieve what you want. However there is no
ProxyCommand on putty...

So what you do, is to make droute communicate "out" the way you want, and
also make it listen/accept an "incoming" connection e.g. on localhost:1234;
then tell putty to connect to localhost:1234 as the server. Your
communication will go through droute as you wanted. To make things "simple",
you do not manually start "fancy droute" and then putty, but get your "fancy
droute" to start putty once it is ready to accept a connection.

In the ProxyCommand case, you have ssh invoking droute: ssh talks to droute
which talks to remote server. What I propose is to have droute start, then
later have putty started, possibly from within droute: droute talks to
remote server and to putty; in effect putty talks to droute which talks to
remote server, same as before.

Is this clear enough now? (I often wonder if I am able to express myself
clearly: I thought this was documented in ssh-with-skey...)

Cheers, Paul

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ