@Zibri
Last active Mar 11, 2020
Patch for openssh adding option "-Z" to specify the source port of the connection for both ssh and scp
diff -u openssh-7.6p1/scp.c openssh-7.6p1Z/scp.c
--- openssh-7.6p1/scp.c 2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/scp.c 2020-01-15 17:19:37.699437700 +0200
@@ -153,6 +153,9 @@
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = _PATH_SSH_PROGRAM;
+/* This is used to store the source_port specified by -Z */
+char *source_port = NULL;
+
/* This is used to store the pid of ssh_program */
pid_t do_cmd_pid = -1;
@@ -287,6 +290,10 @@
addargs(&args, "-l");
addargs(&args, "%s", remuser);
}
+ if (source_port != NULL) {
+ addargs(&args, "-Z");
+ addargs(&args, "%s", source_port);
+ }
addargs(&args, "--");
addargs(&args, "%s", host);
addargs(&args, "%s", cmd);
@@ -336,6 +343,10 @@
addargs(&args, "-l");
addargs(&args, "%s", remuser);
}
+ if (source_port != NULL) {
+ addargs(&args, "-Z");
+ addargs(&args, "%s", source_port);
+ }
addargs(&args, "--");
addargs(&args, "%s", host);
addargs(&args, "%s", cmd);
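Review bot: Forwarding `-Z` at this second call site as well as in the hunk at -287 tells both ssh children to bind the same local port. If this is the second ssh started for a through-local copy while the first is still connected (the enclosing functions start outside both hunks, so this is inferred), the second bind would likely fail with EADDRINUSE. Either drop the block here or document the limitation next to it, e.g. `/* -Z is not forwarded: two concurrent ssh children cannot bind the same source port */`.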
@@ -412,7 +423,7 @@
fflag = Tflag = tflag = 0;
while ((ch = getopt(argc, argv,
- "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
+ "dfl:prtTvBCc:i:P:q12346S:Z:o:F:")) != -1) {
switch (ch) {
/* User-visible flags. */
case '1':
@@ -466,6 +477,9 @@
case 'S':
ssh_program = xstrdup(optarg);
break;
+ case 'Z':
+ source_port = xstrdup(optarg);
+ break;
case 'v':
addargs(&args, "-v");
addargs(&remote_remote_args, "-v");
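Review bot: `case 'Z'` stores `optarg` unchecked, so a mistyped or out-of-range port is only reported later by the ssh child, and a repeated `-Z` leaks the earlier copy (the ssh.c hunk at -911 calls `free(source_port)` first; this one does not). Validate at parse time the way ssh.c treats `-p`, e.g. `if (a2port(optarg) <= 0) fatal("bad source port '%s'", optarg);` followed by `free(source_port);` before the `xstrdup`. The same range check is missing from `case 'Z'` in ssh.c. The switch statement continues outside the hunk.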
@@ -1565,6 +1579,7 @@
(void) fprintf(stderr,
"usage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
" [-l limit] [-o ssh_option] [-P port] [-S program]\n"
+ " [-Z source_port]\n"
" [[user@]host1:]file1 ... [[user@]host2:]file2\n");
exit(1);
}
Only in openssh-7.6p1Z: scp.c.orig
Only in openssh-7.6p1Z: scp.c.rej
diff -u openssh-7.6p1/ssh.c openssh-7.6p1Z/ssh.c
--- openssh-7.6p1/ssh.c 2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/ssh.c 2020-01-15 17:16:07.348847900 +0200
@@ -168,6 +168,9 @@
*/
char *host;
+/* source port specified by -Z */
+char *source_port = NULL;
+
/* socket address the host resolves to */
struct sockaddr_storage hostaddr;
@@ -203,6 +206,7 @@
" [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
" [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]\n"
" [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]\n"
+" [-Z source_port]\n"
" [user@]hostname [command]\n"
);
exit(255);
@@ -612,7 +616,7 @@
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
- "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:GI:J:KL:MNO:PQ:R:S:Z:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
fatal("SSH protocol v.1 is no longer supported");
@@ -911,9 +915,13 @@
case 's':
subsystem_flag = 1;
break;
- case 'S':
- free(options.control_path);
- options.control_path = xstrdup(optarg);
+ case 'S':
+ free(options.control_path);
+ options.control_path = xstrdup(optarg);
+ break;
+ case 'Z':
+ free(source_port);
+ source_port = xstrdup(optarg);
break;
case 'b':
options.bind_address = optarg;
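Review bot: The three `case 'S'` lines are removed and re-added with identical text, which looks like a whitespace-only change (the original indentation is not visible here). That churn makes the hunk fail to apply whenever those lines differ in another OpenSSH release, and the `Only in …: scp.c.rej` line earlier in this diff shows rejects have already happened in the author's tree. Leave `case 'S'` untouched and add only the `case 'Z':`, `free(source_port);`, `source_port = xstrdup(optarg);` and `break;` lines.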
diff -u openssh-7.6p1/sshconnect.c openssh-7.6p1Z/sshconnect.c
--- openssh-7.6p1/sshconnect.c 2020-01-15 17:20:57.000000000 +0200
+++ openssh-7.6p1Z/sshconnect.c 2020-01-15 17:16:07.369341400 +0200
@@ -78,6 +78,7 @@
/* import */
extern Options options;
extern char *__progname;
+extern char *source_port;
extern uid_t original_real_uid;
extern uid_t original_effective_uid;
@@ -287,16 +288,16 @@
fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL && !privileged)
+ if (options.bind_address == NULL && !privileged && source_port == NULL)
return sock;
- if (options.bind_address) {
+ if (options.bind_address || source_port) {
memset(&hints, 0, sizeof(hints));
hints.ai_family = ai->ai_family;
hints.ai_socktype = ai->ai_socktype;
hints.ai_protocol = ai->ai_protocol;
hints.ai_flags = AI_PASSIVE;
- gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+ gaierr = getaddrinfo(options.bind_address, source_port, &hints, &res);
if (gaierr) {
error("getaddrinfo: %s: %s", options.bind_address,
ssh_gai_strerror(gaierr));
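Review bot: When only `-Z` is given, `options.bind_address` is NULL, yet the unchanged `error("getaddrinfo: %s: %s", options.bind_address, ...)` after the new `getaddrinfo()` call still passes it to `%s` and never names the port that failed to resolve. Change it to `error("getaddrinfo: %s port %s: %s", options.bind_address ? options.bind_address : "*", source_port ? source_port : "any", ssh_gai_strerror(gaierr));`. `hints` does not set `AI_NUMERICSERV`, so a service name is accepted as the source port, which the usage text should say. The function continues past the hunk, so whether the privileged path later replaces the chosen port could not be checked here.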
How to use:
$ sudo apt install -y build-essential zlib1g-dev libssl1.0-dev libkrb5-dev libpam-dev
$ mkdir openssh; cd openssh
$ apt source openssh
$ cd openssh-*
$ wget https://gist.githubusercontent.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh.patch
$ patch -p1 -i zibri_ssh.patch
$ ./configure --with-pam --with-kerberos5 --prefix=/usr
$ make -j6 && sudo rm /usr/share/man/man5/authorized_keys.5 ;sudo make install
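Or you can just do the following (it pipes an unpinned remote script straight into bash, and that script runs sudo, so download and read it first):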
$ wget -q -O - "https://gist.github.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh_patch.install?t=$(date +%s)"|bash
Enjoy!
Zibri
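#!/bin/bash
# Build the distribution's OpenSSH source with the -Z (source port) patch
# applied and install the result under /usr, replacing the packaged binaries.
#
# NOTE(review): the patch is fetched from a mutable gist URL with no integrity
# check and the build is then installed as root. Pin the download to a gist
# revision you have read (.../raw/<REVISION>/zibri_ssh.patch) before running.

# Abort on the first failing step, so a failed download, a rejected hunk or a
# broken build can never reach "sudo make install".
set -euo pipefail

sudo apt install -y build-essential zlib1g-dev libssl1.0-dev libkrb5-dev libpam-dev

# Prefer a RAM-backed scratch directory and fall back to /tmp.
temp=$(mktemp -d 2>/dev/null /dev/shm/ssh.XXX || mktemp -d 2>/dev/null /tmp/ssh.XXX)
opwd=$PWD

# Return to the starting directory and delete the scratch tree on every exit
# path, including the early exits caused by "set -e".
trap 'cd "$opwd" &>/dev/null || true; rm -rf "$temp"' EXIT

cd "$temp"
apt source openssh
cd openssh-*

# The ?t=<epoch> query string only defeats caching; it does not pin a revision.
wget -q "https://gist.githubusercontent.com/Zibri/0e01302cf2604b689c32388eaebf347b/raw/zibri_ssh.patch?t=$(date +%s)" -O zibri_ssh.patch

# patch exits non-zero when a hunk is rejected, which now stops the script
# instead of building a partially patched tree.
patch -p1 -i zibri_ssh.patch

# NOTE(review): presumably relaxes a library-version case in configure; confirm
# which check this rewrites before relying on it.
sed -i "s/200\*)/101\*)/" configure

./configure --with-pam --with-kerberos5 --prefix=/usr
make -j8

# Remove the packaged man page before installing; -f keeps the step from
# failing when the file is already absent.
sudo rm -f /usr/share/man/man5/authorized_keys.5
sudo make install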