channel_still_open() does not count "larval" channels as open. If the
server
sets up a protocol 2 connection with no remote command (as with "ssh -N
..."),
the "server-session" channel remains larval, and the server exits as
soon as
it notices that there are no open channels besides this one. Typically, it
exits right after the first use of a port forwarding closes.
Below I'm appending a post I just made to comp.security.ssh, with a patch
which fixes the problem. I don't know if it's the right thing to do,
though.
I'm guessing that not counting larval channels might have been a mistake.
Perhaps counting them will cause some other problem, though, and the right fix
is something else?
--
Richard Silverman
slade at shore.net
===========================================================================Newsgroups:
comp.security.ssh
Subject: Re: POP3 Tunnel Closes on Second Connection
References: <3AC4AAE0.4EE58BE9 at well.com>
From: slade at shore.net (Richard E. Silverman)
Date: 05 Apr 2001 03:56:34 -0400
Message-ID: <m1llmpfye31.fsf at syrinx.oankali.net>
Lines: 40
> We have set up a local server to tunnel pop3 connections to our
"real"
> mail server, using ssh2 local port forwarding:
>
> ssh -f -g -l {user} -L 110:mailserver:110 -N -P mailserver
>
> The first time we make a pop3 connection to the local server, everything
> works fine: the connection is forwarded across the ssh tunnel to the
> remote mail server, and we retrieve our mail. The second time we attempt
> a pop3 connection, the remote mail server drops the ssh connection.
>
> What is going on? What is the fix?
This appears to be a bug; it doesn't happen if you e.g. remove the -f -N.
The problem is that without a session channel, OpenSSH uses a sort of
placeholder channel of a special internal type which does not get counted
as "open", so sshd thinks that all channels are closed and exits. I
think
the fact you get even one chance is an accident.
A quick fix is this:
--- channels.c Thu Apr 5 03:53:30 2001
+++ channels.c.new Thu Apr 5 03:54:56 2001
@@ -1503,7 +1503,6 @@
case SSH_CHANNEL_LARVAL:
if (!compat20)
fatal("cannot happen:
SSH_CHANNEL_LARVAL");
- continue;
case SSH_CHANNEL_OPENING:
case SSH_CHANNEL_OPEN:
case SSH_CHANNEL_X11_OPEN:
(That is, remove the "continue" statement.)
I'm not 100% sure this is the right fix, though; I'm going to post to
the
OpenSSH developers list and see what they say.
--
Richard Silverman
slade at shore.net
============================================================================