bugzilla-daemon at bugzilla.mindrot.org
2016-May-31 06:08 UTC
[Bug 2577] New: Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577
Bug ID: 2577
Summary: Port Forwarding on Proxy with ProxyCommand ssh -W does
not work / bad file descriptor
Product: Portable OpenSSH
Version: 7.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jan.stuehler at web.de
Port Forwarding on the proxy does not work. Debug shows "debug1:
getpeername failed: Bad file descriptor". OpenSSH_7.2p2, OpenSSL
1.0.2h-fips 3 May 2016.
Related to bug 2200 ("ssh -W causes "getsockname failed: Bad file
descriptor" errors")?
Reproduction:
~/.ssh/config:
Host jump
HostName my.dynamicdns.com
Port 2222
User user
IdentityFile ~/.ssh/user-jump_ed25519
DynamicForward 1080
Host */remote
ProxyCommand ssh -vvv -W $(dirname %h) jump 2>~/sshpc.log
Host target
HostName target
Port 22
User user
IdentityFile ~/.ssh/user-target_ed25519
ssh target/remote
(check ss -lant4 in second terminal: no listener on port 1080)
(exit ssh session)
cat sshpc.log
[...]
Authenticated to my.dynamicdns.com ([12.34.56.78]:2222).
debug3: ssh_init_stdio_forwarding: router:22
debug1: channel_connect_stdio_fwd router:22
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x10
debug1: Requesting no-more-sessions at openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
[...]
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-May-31 06:13 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577 --- Comment #1 from jan.stuehler at web.de --- replace "router" in the debug output with "target", please ;) -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-May-31 06:16 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577
jan.stuehler at web.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jan.stuehler at web.de
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jun-01 01:27 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to jan.stuehler from comment #0)> Port Forwarding on the proxy does not work.
That's deliberate. In ssh.c where it handles the 'W' option:
options.request_tty = REQUEST_TTY_NO;
no_shell_flag = 1;
options.clear_forwardings = 1;
options.exit_on_forward_failure = 1;
The reason for it is that we need to fail if we can't do the stdio
forward, and right now it's all or nothing so the second and subsequent
attempts to use use the jumphost will fail (and possibly the first too,
eg if the port is busy).
Right now because of the way the first-match options parsing works you
can't override the value by setting ClearAllForwardings=no either.
> Debug shows "debug1: getpeername failed: Bad file descriptor".
That's harmless. The port forwarding message in the protocol has a
field for the source address of the forwarded connection, and when the
forwarding code tries to look up the source address of stdin it can't,
so it uses the string "UNKNOWN" instead.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jun-01 03:21 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577 --- Comment #3 from Darren Tucker <dtucker at zip.com.au> --- Created attachment 2819 --> https://bugzilla.mindrot.org/attachment.cgi?id=2819&action=edit Allow ExitOnForwardFailure=no and ClearAllForwardings=no to be overridden when using -W. This patch defers the setting of ExitOnForwardFailure and ClearAllForwardings when using -W until after options parsing to allow them to be overridden either on the command line or in the config file. Please give it a try and let us know how it goes. $ ssh -W foo:123 -G bar | egrep -i 'exiton|clearall' clearallforwardings yes exitonforwardfailure yes $ ssh -W foo:123 -o clearallforwardings=no -o exitonforwardfailure=no -G bar | egrep -i 'exiton|clearall' clearallforwardings no exitonforwardfailure no -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jun-01 19:17 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577 --- Comment #4 from jan.stuehler at web.de --- Ah, that looks wonderful. You mean "patch" as in "compile from source"? This will be interesting. :) -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-20 01:00 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Blocks| |2543
Status|NEW |RESOLVED
--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
Patch has been applied and will be in the 7.3 release.
https://anongit.mindrot.org/openssh.git/commit/?id=0cb2f4c2494b115d0f346ed2d8b603ab3ba643f4
Thanks.
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2543
[Bug 2543] Tracking bug for OpenSSH 7.3 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2577] Port Forwarding on Proxy with ProxyCommand ssh -W does not work / bad file descriptor
https://bugzilla.mindrot.org/show_bug.cgi?id=2577
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.