bugzilla-daemon at mindrot.org
2003-Nov-09 02:57 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 Summary: sshd does not support global request cancel-tcpip- forward Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: z3p at twistedmatrix.com The SSHv2 connection draft specifies a global request 'cancel-tcpip-forward' which will cancel a remote->local TCP/IP forwarding connection. sshd does not understand this request. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-09 04:32 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From djm at mindrot.org 2003-11-08 21:32 ------- Created an attachment (id=494) --> (http://bugzilla.mindrot.org/attachment.cgi?id=494&action=view) Attempt at cancel-tcpip-forward support Please give this diff a try. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-10 00:36 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From z3p at twistedmatrix.com 2003-11-09 17:35 ------- Nope. It appears that the issue is that channel_cancel_rport_listener only closes open remote->local forwarding channels. If there are no channels open for forwarding, then nothing happens. What should happen is that the socket listening on the remote port should be closed so that attempts to connect to that port fail. As it stands, remote->local forwarding requests are still passed on to the client even after cancel-tcpip-forward. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-11 21:33 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From markus at openbsd.org 2003-11-11 14:33 ------- are you sure? the patch looks ok to me, since only the listen socket will have type SSH_CHANNEL_RPORT_LISTENER. forwarded connections will have a different type. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-11 22:59 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From z3p at twistedmatrix.com 2003-11-11 15:59 ------- Yes, I've tried the patch and the problem still exists. Netstat shows the listening socket before and after the cancel-tcpip-forward, and the server still passes on a forwarded-tcpip request to the client. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-17 11:44 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From djm at mindrot.org 2003-11-17 04:44 ------- Please attach a debug output "sshd -d -d -d" from a patch sshd, receiving a cancel message. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-21 16:31 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From z3p at twistedmatrix.com 2003-11-21 09:31 ------- Created an attachment (id=505) --> (http://bugzilla.mindrot.org/attachment.cgi?id=505&action=view) Log of a connection with cancel-tcpip-forwarding ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-21 23:56 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From djm at mindrot.org 2003-11-21 16:56 ------- hm, try cancelling 127.0.0.1:8080 - unless you have GatewayPorts=yes ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-22 07:01 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From z3p at twistedmatrix.com 2003-11-22 00:01 ------- The log shows that I ask for forwarding to be listening on all interfaces by binding to '0.0.0.0'. If sshd ignores this and binds to 127.0.0.1, how else do I indicate ports to listen on all interfaces? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-22 07:06 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From djm at mindrot.org 2003-11-22 00:06 ------- You specify GatewayPorts=yes on the server. This is off by default as server administrators may not want random users to be able to listen on arbitrary high-numbered ports. I'll probably correct the patch so that it closes the forwardings based on the original forward request rather than the listening address, but I'd like to see if it works first. Does it work if you ask to cancel 127.0.0.1:8080? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-22 07:48 UTC
[Bug 756] sshd does not support global request cancel-tcpip-forward
http://bugzilla.mindrot.org/show_bug.cgi?id=756 ------- Additional Comments From z3p at twistedmatrix.com 2003-11-22 00:48 ------- Nope, doesn't work even I cancel forwarding for 127.0.0.1:1080. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Possibly Parallel Threads
- [Bug 817] Opening >1 session and shell results in the MOTD being repeated
- [Bug 916] SFTP over SSH died after roughly 20MB when asking for >64k chunks
- 'cancel-tcpip-forward' is not supported.
- bind_address ignored? as in "ssh -R [bind_address]:12491:127.0.0.1:500"
- About postgresql tcpip connection