proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
openssh tries to be smarter than its users and refuses to accept IP adresses from our default remote_dns_subnet.
this patch fixes it:
--- openssh-8.4p1.org/sshconnect.c
+++ openssh-8.4p1/sshconnect.c
@@ -755,10 +755,13 @@
/*
* Turn off check_host_ip if the connection is to localhost, via proxy
- * command or if we don't have a hostname to compare with
+ * command or if we don't have a hostname to compare with, or
+ * if PROXYCHAINS-NG is active and the ip starts with "224."
+ * (default remote-dns subnet).
*/
if (options.check_host_ip && (local ||
- strcmp(hostname, ip) == 0 || options.proxy_command != NULL))
+ strcmp(hostname, ip) == 0 || options.proxy_command != NULL ||
+ (strncmp(ip, "224.", 4) == 0 && getenv("PROXYCHAINS_CONF_FILE"))))
options.check_host_ip = 0;
host_hostkeys = init_hostkeys();
since "options.check_host_ip" sounds like a configurable setting, there may also be a way to disable the misfeature using the openssh config file. post here if you know how.
openssh tries to be smarter than its users and refuses to accept IP adresses from our default remote_dns_subnet.
this patch fixes it:
since "options.check_host_ip" sounds like a configurable setting, there may also be a way to disable the misfeature using the openssh config file. post here if you know how.