bugzilla-daemon at bugzilla.mindrot.org
2018-Aug-04 10:39 UTC
[Bug 2892] New: Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 Bug ID: 2892 Summary: Connections to jump hosts do not respect -4 and -6 Product: Portable OpenSSH Version: 7.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: oss at pascalj.de Created attachment 3167 --> https://bugzilla.mindrot.org/attachment.cgi?id=3167&action=edit jump host address family patch When using a jump host via ProxyJump or -J the generated proxy command is missing "-4" or "-6". The man page states that the flags "force ssh to use IPv(4|6) addresses only". Steps to reproduce: ssh -v4 -J example.com abc.example.com Actual result: ssh does not necessarily connect to example.com via IPv4 and the debug log contains: debug1: Executing proxy command: exec ssh -v -W '[abc.example.com]:22' example.com Expected result: ssh uses IPv4 for the jump host and the debug log contains: debug1: Executing proxy command: exec ssh -4 -v -W '[abc.example.com]:22' example.com The behavior was tested with portable OpenSSH 7.7 on Linux as well as on OpenBSD (see patch). -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Oct-10 04:30 UTC
[Bug 2892] Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- I'm not sure about that, because it would preclude the possibility of using a different address family for the jump host and the ultimate connection - since a -4/-6 specified on the commandline would override anything in the jump ssh instance's config. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-07 03:53 UTC
[Bug 2892] Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 --- Comment #2 from Damien Miller <djm at mindrot.org> --- Thinking about this some more, what I said in comment #1 is correct. It's entirely possible to have a JumpHost that want a different address family to the destination. It's possible to address this via sshd_config by explicitly setting AddressFamily for the proxy host, so I don't think implicitly passing through the commandline AF options is desirable. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Dec-16 22:49 UTC
[Bug 2892] Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 --- Comment #3 from Pascal Jungblut <oss at pascalj.de> --- Thanks for your comments. Yes, it's definitely feasible to use AddressFamily in ssh_config and this is what I ended up doing. My confusion came from the man page descriptions of -4 and -6. I'm not sure whether changing the man page would make much sense. It might be irrelevant for the majority of users, but right now the flag does not do what the manual says. Regarding the problem of overriding ssh_config: -4/-6 will also override AddressFamily for the target host (with or without -J). I'd argue that the opposite (of comment #2) is at least equally consistent: -4 forces AF_INET on all connections and if I wanted only the target host but not the jump hosts to use IPv4, then I should specify that in ssh_config for the target. Feel free to close this issue if you think the current implementation acts correctly. It was just an inconsistency I stumbled upon while working with poorly configured hosts. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-22 11:53 UTC
[Bug 2892] Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #4 from Damien Miller <djm at mindrot.org> --- I don't think I want to go down the road of making commandline options affect ProxyJump hosts - there's too many interactions and too much loss of control (consider, passing a command-line option would generally preclude the ability to specify something in the config file). I've committed some manpage changes to make it more explicit that users should set jump host configuration via ~/.ssh/config rather than using the commandline. Hopefully that is enough... -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:11 UTC
[Bug 2892] Connections to jump hosts do not respect -4 and -6
https://bugzilla.mindrot.org/show_bug.cgi?id=2892 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.