Re: Connect direct and fallback

On 18/02/2022 12:15, Darren Tucker wrote:
> Other than the ProxyUseFdpass part you can do that with a shell one
> liner in ProxyCommand and netcat:
>
> ProxyCommand sh -c 'nc %h %p || nc --proxy lsocksserver:1080 --proxy-type=socks4 %h %p'

Just a quick follow-up to this: I found that macOS 12.2.1's "nc" command is broken when using a SOCKS5 proxy and the proxy returns an IPv6 bind address.

  X -----------> Y --------------> Z
macOS          SOCKS5   IPv6     target
 nc            server

$ nc -X 5 -x 1.2.3.4:1080 2001:db8::1 22
�ݐSSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
^^
(Notice the extra spurious bytes in response)

Checking with tcpdump I see the exchange as:

--> 05 01 00
<-- 05 00
--> 05 01 00 04 ZZ(x16) 00 16    [connect, ATYP 4 = IPv6 address/port]
<-- 05 00 00 04 YY(x16) PP PP    [success, ATYP 4 = IPv6 bind address/port]
<-- start of data

This is the case with two standalone SOCKS5 servers I tried: dante and Mikrotik.

Interestingly, the problem doesn't manifest when using ssh -D as the proxy server.

$ ssh -D 1080 Y
...

$ nc -X 5 -x localhost:1080 2001:db8::1 22
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4

--> 05 01 00
<-- 05 00
--> 05 01 00 04 ZZ(x16) 00 16        [connect, ATYP 4 = IPv6 address]
<-- 05 00 00 01 00 00 00 00 00 00    [success, ATYP 1 = IPv4 bind address 0.0.0.0:0]
<-- start of data

That is, ssh -D always returns IPv4 0.0.0.0:0 as the bind address/port, even if the target is reached via IPv6, and regardless of whether localhost is 127.0.0.1 or ::1.  It appears macOS's /usr/bin/nc is hard-coded to expect that.

Workaround is to switch to "ncat" (from the makers of "nmap") which works correctly.  Homebrew also has "netcat" and "netcat6" packages, but neither of those supports SOCKS.  With ncat, the connection fallback works.

Anyway, I just thought I'd mention it in case it trips up anyone else.

Regards,

Brian.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev