Hacker News new | past | comments | ask | show | jobs | submit login

Wow, this is a security vulnerability potentially affecting me. I'm using ProxyCommand because GitHub is randomly blocked by the China GFW.



This is interesting insight, would you care to share some parts of your ssh config indicating how you use ssh over a proxy here, most likely through a VPN?


```

Host github.com

    ProxyCommand connect -H localhost:54321 %h %p
```

localhost:54321 is a SOCK5 proxy, which forwards the traffic through TLS to my VPS server.


It doesn’t affect you as it only works when your proxy string comes from an untrusted source.


Try ProxyJump instead - it’s the newer way of doing it.


ProxyJump is to connect to one SSH server by another SSH, right? It doesn't work against GFW. GFW throttles SSH traffic across borders to ensure that SSH can only be used for running commands rather than tunneling data.


Yeah I assumed that's what you were doing, since you mentioned Github blocked specifically. If you need to proxy through a protocol other than SSH, likely need to keep using ProxyCommand.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: