bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-07 08:27 UTC
[Bug 1804] New: ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

           Summary: ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
           Product: Portable OpenSSH
           Version: 5.5p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: Walter.Pfannenmueller at siemens.com

Starting ssh with the option

    -R 127.0.0.2:10443:<dest ip>:443

results in opening listeners on the <dest ip> with listener ip 127.0.0.1, ::1 and not 127.0.0.2

Adding the following code to channels.c after line 2660

    } else if (host) {
        addr = listen_addr;

results in having the sshd start the 127.0.0.2 listener.

Maybe there has to be some check against the GatewayPorts option as well.

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-07 17:17 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
What is the setting of GatewayPorts on the server?
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-08 08:08 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

--- Comment #2 from Walter.Pfannenmueller at siemens.com ---
It is the default setting:

    #GatewayPorts no

Client command:

    ssh -R 127.0.0.2:10000:<whatever>:443 target

yields on the target

    tcp 0 0 127.0.0.1:10000 0.0.0.0:* LISTEN

Setting GatewayPorts yes results in

    tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN

Therefore I prefer "no".
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-08 08:21 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
You want "GatewayPorts clientspecified".
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-08 08:43 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

--- Comment #4 from Walter.Pfannenmueller at siemens.com ---
I'm not sure. Just reading the ssh man pages for -R

    -R [bind_address:]port:host:hostport
    ....
    Specifying a remote bind_address will only succeed if the server's
    GatewayPorts option is enabled (see sshd_config(5)).

tells me my specified bind_address will only succeed if GatewayPorts is enabled. But this means all port forwarding will result in global listeners on the target machine. This is not what I want.

Therefore a suggestion for a solution might be:

GatewayPorts no: Allow and use bind_address only if it is a localhost (e.g. 127.*) address.
GatewayPorts yes: just use bind_address.

But you probably should change the man pages as well, then.

Please tell me if I'm totally wrong.
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-08 16:37 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
from sshd_config(5):

> GatewayPorts
>         Specifies whether remote hosts are allowed to connect to ports
>         forwarded for the client.  By default, sshd(8) binds remote port
>         forwardings to the loopback address.  This prevents other remote
>         hosts from connecting to forwarded ports.  GatewayPorts can be
>         used to specify that sshd should allow remote port forwardings to
>         bind to non-loopback addresses, thus allowing other hosts to
>         connect.  The argument may be ``no'' to force remote port
>         forwardings to be available to the local host only, ``yes'' to
>         force remote port forwardings to bind to the wildcard address, or
>         ``clientspecified'' to allow the client to select the address to
>         which the forwarding is bound.  The default is ``no''.

Have you tried setting GatewayPorts=clientspecified? It does exactly what you are asking for.
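
The three GatewayPorts modes quoted in comment #5, as an added example that is not part of the original thread and is not OpenSSH's code: a Python model that reads the effective GatewayPorts value from sshd_config text and reports which address each -R request ends up bound to and whether other hosts can reach it. The function names, the sample config and the host name "web" are assumptions; the model takes the first uncommented global value and handles IPv4 addresses and hostnames only.

```python
import ipaddress

LOOPBACK, WILDCARD = "loopback", "wildcard"
SAMPLE_CONFIG = "#GatewayPorts no\nGatewayPorts clientspecified\n"  # constructed sample

def gateway_ports(config_text):
    """Effective global GatewayPorts: first uncommented value, default 'no'."""
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].replace("=", " ").split()
        if words and words[0].lower() == "match":
            break  # assumption: only the global section is modelled
        if len(words) >= 2 and words[0].lower() == "gatewayports":
            return words[1].lower()
    return "no"

def parse_remote_forward(spec):
    """Split '[bind_address:]port:host:hostport' (IPv4 or hostnames only)."""
    parts = spec.rsplit(":", 3)
    bind = parts[0] if len(parts) == 4 else None
    return bind, int(parts[-3])

def listener(mode, bind):
    """Address sshd listens on for a -R request under the given mode."""
    if mode == "no":
        return LOOPBACK          # forced to the local host only
    if mode == "yes":
        return WILDCARD          # forced to the wildcard address
    if bind is None or bind == "localhost":
        return LOOPBACK          # clientspecified, client asked for the default
    if bind in ("", "*"):
        return WILDCARD          # clientspecified, client asked for all interfaces
    return bind                  # clientspecified, explicit address

def exposed(addr):
    """True if hosts other than the server itself can reach the listener."""
    if addr in (LOOPBACK, WILDCARD):
        return addr == WILDCARD
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True              # unresolved hostname: assume reachable

def audit(config_text, specs):
    mode = gateway_ports(config_text)
    parsed = [(s, *parse_remote_forward(s)) for s in specs]
    return [(s, listener(mode, b), p, exposed(listener(mode, b))) for s, b, p in parsed]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, ["127.0.0.2:10443:web:443", "*:8080:web:80"]))
```

Each row is (spec, listen address, port, reachable from other hosts); with "clientspecified" the 127.0.0.2 request stays on a loopback address while "*" does not.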
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-08 17:52 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

Walter.Pfannenmueller at siemens.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #6 from Walter.Pfannenmueller at siemens.com ---
I tried it now and it does work as I expect. Thanks a lot.
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-27 00:28 UTC
[Bug 1804] ssh option -R 127.0.0.2:10443:<dest ip>:443 does not work
https://bugzilla.mindrot.org/show_bug.cgi?id=1804

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Darren Tucker <dtucker at zip.com.au> ---
With the release of OpenSSH 5.6p1 this bug is now considered closed. If you have further problems please reopen or file a new bug as appropriate.