From konq-bugs Fri Jun 29 01:08:28 2007 From: Kurt Pfeifle Date: Fri, 29 Jun 2007 01:08:28 +0000 To: konq-bugs Subject: [Bug 147340] New: Add support for "ssh -D ..."-type of "poor man's Message-Id: <20070629030826.147340.pfeifle () kde ! org> X-MARC-Message: https://marc.info/?l=konq-bugs&m=118307932006999 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. http://bugs.kde.org/show_bug.cgi?id=147340 Summary: Add support for "ssh -D ..."-type of "poor man's Socks proxy" to Konqueror Product: konqueror Version: unspecified Platform: SuSE RPMs OS/Version: Linux Status: NEW Severity: wishlist Priority: NOR Component: general AssignedTo: konq-bugs kde org ReportedBy: pfeifle kde org Version: 3.5.7 ("release 47.1" openSUSE) (using KDE KDE 3.5.7) Installed from: SuSE RPMs OS: Linux Lately I'm forced to use a "Socks" proxy quite often in order to (1) get an Internet connection at all through a firewall, (2) or in order to make it more secure when on an unsecure network (like public hotspot in hotel/airport/etc.)., (3) or in order to access services on ports that the proxy is not configured to serve (irc://, news://, ...) The way I set it up is this: (a) create an encrypted SSH connection to a secure remote host using the (little known "-D portnumber" parameter to ssh command): ssh -i ~/.ssh/remote.key -p 8080 kurt remotehost -N -D 28080 -f Above command... ...connects to me to remotehost:8080, ...(which is allowed by proxy), ...because remotehost has sshd configured to listen there, ..."-f" backgrounds the connection, ..."-N" tells it to not execute any command, ..."-D" creates a 'dynamic' application-level portforwarding from local port :28080, "-D portnumber" can be said to provide "poor man's Socks4/Socks5 proxy" handled by SSH. (b) For the proxy configuration in Firefox and Thunderbird I use this setting: +-----------------------------------------------------------------+ | | | [x] Manual Proxy Configuration | | | | HTTP Proxy:[..............................] Port:[0......] | | [.] Use this proxy for all protocols | | | | SSL Proxy:[..............................] Port:[0......] | | FTP Proxy:[..............................] Port:[0......] | | Gopher Proxy:[..............................] Port:[0......] | | SOCKS Host:[..localhost...................] Port:[.28080.] | | | +-----------------------------------------------------------------+ It works beautifully.... if I use Firefox and Thunderbird or even Inter- net Explorer in Wine! (By adding "-g" to the ssh command line, (I can even enable my local socks proxy to accept and pass on requests from other local computers using software that is socks-enabled...) Unfortunately.... this.does.not.work.in.KDE ! I can't figure out how Socks proxy support is supposed to work *at* *all* in KDE (see screenshot)! (Probably, in an attempt to make it "magically work" with auto-configuration only and hiding the ugly details from the user, one can't even simply set a proxy name/ip-address and port when it comes to the Socks protocol. Why is this? Why is this so different from the handling of http-, https-, ftp- and gopher-proxies?! Here is how the same configuration dialog looks in Konqueror (as you may be well aware): +-- Servers ------------------------------------------------------+ | | | HTTP:[..............................] Port:[0......] | | HTTPS:[..............................] Port:[0......] | | FTP:[..............................] Port:[0......] | | | | [.] Use same proxy server for all protocols | | | +-----------------------------------------------------------------+ The Socks proxy configuration is outsourced to a separate tab. It looks like this: +-----------------------------------------------------------------+ | | | [x] Enable SOCKS support | | | | +--SOCKS Implementation-------------------------------------+ | | | | | | | [x] Auto detect [.] NEC SOCKS [.] Dante | | | | | | | | [.] Use custom library | | | | | | | | Path: [...........................................] | | | | | | | +-----------------------------------------------------------+ | | | | +--Additional library search paths--------------------------+ | | | | | | | | | | | | | | | | | | | | | | +-----------------------------------------------------------+ | | +-------+ | | | Test | | | +-------+ | +-----------------------------------------------------------------+ WTF?! Does *anyone* who has not coded this part understand how this is supposed to work?! (I challenge you to find 5 people at aKademy who can...) This proxy configuration module does not even have *any* documentation about how it is supposed to work (at least I could locate none); not even the most minimal [meaningful!] "WhatsThis" help... (I must admit the "test" button works beautifully... it always reports "Success: SOCKS was found and initialized." whatever settings I try there. But alas!, no real Socks proxy connection for Konqui! No save Internet access with KDE on public hotspots for me. No news:// access to the CUPS and Linuxprinting.org forums with KNode when I work on a customer site with a fascist proxy/firewall in place (I succeed in most cases to have my customers grant me an outward SSH connection to my trusted "remotehost" before I ever start travelling to their sites). ############## So, sad as it is, I can't use KMail, Kontact, Kopete, Konqueror and have to limit myself to Firefox and Thunderbird and Internet Explorer (for most cases where I access the Internet). Please, I have 2 urgent wishes: (a) fix that for KDE4; make it so that as many as possible KDE4 appli- cations can take advantage of this "poor man's Socks proxy via SSH" (b) backport it to KDE 3.5 Thanks for considering! -- Kurt Pfeifle System & Network Printing Consultant ---- Linux/Unix/Windows/Samba/CUPS Infotec Deutschland GmbH ..................... Hedelfinger Strasse 58 A RICOH Company ........................... D-70327 Stuttgart/Germany _______________________________________________ Konq-bugs mailing list Konq-bugs@mail.kde.org https://mail.kde.org/mailman/listinfo/konq-bugs