Has anyone heavily exercised the TCP connection forwarding features in openssh?

I use this feature quite extensively for secure web surfing. I run a ssh command like this:

    ssh -c blowfish -L3128:127.0.0.1:3128 squidmachine

Then I set up Netscape on my local machine to use 127.0.0.1:3128 as a proxy server. Needless to say, this exercises the TCP connection forwarding feature quite heavily.

This worked quite reliably with ssh 1.2.26, but it seems to hang a lot when I use open SSH.

Before I dig into the problem, has anyone else out there heavily exercised TCP port forwarding in openssh?

Phil

On Thu, 30 Dec 1999, Phil Karn wrote:
> Has anyone heavily exercised the TCP connection forwarding features
> in openssh?

No. I have performed casual testing with telnet and forwards to SMTP and pop ports, but nothing high traffic.

> I use this feature quite extensively for secure web surfing. I run
> a ssh command like this:
>
> ssh -c blowfish -L3128:127.0.0.1:3128 squidmachine

I might give this a go myself.

Thanks,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

On Thu, Dec 30, 1999 at 02:22:09AM -0800, Phil Karn wrote:
> Before I dig into the problem, has anyone else out there heavily
> exercised TCP port forwarding in openssh?

yes, i experience this, too, but no, i did not look into this yet. i am using portforwarding for connections to webproxies, too. i think, the problem has been fixed in ssh-1.2.2x since i remember having the same problem with older versions of the 1.2.x family.

note that all the forwarded channels are locked, but you still can control ssh with the ~ escape character and list all forwarded connections.

-markus

Supported escape sequences:
~.  - terminate connection
~^Z - suspend ssh
~#  - list forwarded connections
~&  - background ssh (when waiting for connections to terminate)
~?  - this message
~~  - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)

(I just subscribed and am replying to a message found in the archive. I apologize for any malformed headers or quotations.)

On Jan 2, 2000 at 12:42, Markus Friedl wrote:
> On Thu, Dec 30, 1999 at 02:22:09AM -0800, Phil Karn wrote:
> > Before I dig into the problem, has anyone else out there heavily
> > exercised TCP port forwarding in openssh?
> yes, i experience this, too, but no, i did not look into this yet.
> i am using portforwarding for connections to webproxies, too.
> i think, the problem has been fixed in ssh-1.2.2x since i remember
> having the same problem with older versions of the 1.2.x family.

Do you believe it to be a server or client-side issue? I'm having trouble port forwarding (remote access to CVS) from an F-Secure SSH client for MacOS to a server running openSSH 1.2.

I can't reproduce this error with other client platforms (Other MacOS SSH programs don't support port-forwarding), so it might be an issue with the client, though the client worked with the 1.2.27 server.

Here's the logs, any input anyone would have would be greatly appreciated.

Dec 30 16:41:47 zathras sshd[8693]: log: Connection from 192.168.5.2 port 2057
Dec 30 16:41:47 zathras sshd[8693]: log: PAM Password authentication accepted for "username"
Dec 30 16:41:47 zathras PAM_pwdb[8693]: (sshd) session opened for user username by (uid=0)
Dec 30 16:42:07 zathras sshd[8693]: log: Packet integrity error (37 != 42) at channels.c:975
Dec 30 16:42:07 zathras sshd[8693]: fatal: Local: Packet integrity error. (29)
Dec 30 16:42:07 zathras PAM_pwdb[8693]: (sshd) session closed for user username

--
Rob Russell, Senior Computer Systems Manager    rrussell at cibnetwork.com
Canadian Internet Broadcasting Network          office: (613) 727.4818 x206
Reseau de Diffusion Internet du Canada          cel: 282.7885 fax: 727.9366