bugzilla-daemon at mindrot.org
2021-Jul-28 10:44 UTC
[Bug 3333] New: Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
Bug ID: 3333
Summary: Both Local Port forwarding and Remote port forwarding
at openSSH working is not a right case, if SSH Client
is on Remote port forwarding
Product: Portable OpenSSH
Version: 8.2p1
Hardware: All
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: pshimoga at gmail.com
Target solution:
Applications (client and server) to run over SSH port forwarding /
tunnel setup (SSH client and Server).
----------------------------------------------------------------------
Issue: OpenSSH at server side need to port forward only for Remote port
forwarding requests when the client SSH is on -L mode, but with 8.2p1
build, it does connect apps even on (-L) Local port forward options.
1B. Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1
or
1B. Command: $SSH -L 6900:127.0.0.1:5900 ssh@127.0.0.1
Comments: both commands are working.
---------------------------------------------------------------------
Question: SSH as server supporting both modes (-L) and (-R) if the SSH
as client is running (-L) option is known behavior? or does it needs a
fix.
----------------------------------------------------------------------
TestBench:
Remote system connected with home network system via VPN.
=====================================================================
Setup details:
1. At linux machine in remote network:
1A. VNC_Server is running at port 5900 and configured to accept
connection strictly for 127.0.0.1 IP only.
Command: $./libVncServer/example/example
1B. openSSH as server in port forwarding mode is supposed to work only
for (-R) Remote port forwarding mode but it works for (-L) Local port
forwarding as well.
Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1
---------------------------------------------------------------------
2. At windows machine in home network:
2A. openSSH as client in set in (-L) mode.
Command: ssh -L 5900:127.0.0.1:6900 <user>@<LinuxMachineIP>
2B. VNC viewer in UI settings configured to connect to 127.0.0.1 at
port 5900.
=====================================================================
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Jul-28 10:56 UTC
[Bug 3333] Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
PavanKumar K Arakere <pshimoga at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pshimoga at gmail.com
bugzilla-daemon at mindrot.org
2021-Jul-28 14:36 UTC
[Bug 3333] Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
--- Comment #1 from PavanKumar K Arakere <pshimoga at gmail.com> ---
Setup:
VNCServer<-->OpenSSH_Server(RPF) <===> openSSH_Client(LPF)<-->VNCClient
------------------------------------------------------------------------
Individual App details:
1. VNCServer on LinuxSystem: configured to run at 127.0.0.1 at port 5900
2. OpenSSH as Server on LinuxSystem:
ssh -R 6900:127.0.0.1:5900 user@127.0.0.1
3. OpenSSH as Client on Windows:
ssh -L 5900:127.0.0.1:6900 user@LinuxSystemIP
4. VNCClient on Windows: VNCClient.exe 127.0.0.1:5900 configured to connect to 127.0.0.1 on port 5900
bugzilla-daemon at mindrot.org
2021-Jul-28 21:01 UTC
[Bug 3333] Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
If I'm understanding your report correctly then this is working as
intended:
> 1B. Command: $SSH -R 6900:127.0.0.1:5900 ssh@127.0.0.1
This asks ssh/sshd to forward remote port 6900 to 127.0.0.1:5900 at the
local side.
> 1B. Command: $SSH -L 6900:127.0.0.1:5900 ssh@127.0.0.1
This asks ssh/sshd to forward local port 6900 to 127.0.0.1:5900 at the
remote side.
Since the "remote side" in both these examples is localhost, there is
no effective difference between these commands, and they could be used
interchangeably.
bugzilla-daemon at mindrot.org
2021-Jul-29 01:47 UTC
[Bug 3333] Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to PavanKumar K Arakere from comment #1)
> 2. OpenSSH as Server on LinuxSystem:
> ssh -R 6900:127.0.0.1:5900 user@127.0.0.1
This step is unnecessary.
> 3. OpenSSH as Client on Windows:
> ssh -L 5900:127.0.0.1:6900 user@LinuxSystemIP
You want this instead:
$ ssh -L 5900:127.0.0.1:5900 user@LinuxSystemIP
Note that some vncviewer implementations have ssh port forwarding
integrated with the "-via" flag. If you have one of those you can
replace steps 2-4 with:
$ vncviewer -via user@LinuxSystemIP 127.0.0.1
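Added example (not part of the bug report or of OpenSSH): a small Python model of where each -L / -R forward listens and connects, used to trace the reporter's two-hop setup, the same setup with -L swapped in for -R, and the single forward suggested in comment #3. The host labels "linux" and "windows" and all function names are assumptions made for this illustration; only the three-field port:host:port form is handled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    mode: str    # "L" for ssh -L, "R" for ssh -R
    spec: str    # "listen_port:dest_host:dest_port" (no bind address, no IPv6)
    client: str  # label of the host where the ssh command runs
    server: str  # label of the host running the sshd it logs in to

    def endpoints(self):
        """Return (listening host, listen port, connecting host, dest host, dest port)."""
        listen_port, dest_host, dest_port = self.spec.split(":")
        # -L: the client listens and sshd connects out.
        # -R: sshd listens and the client connects out.
        if self.mode == "L":
            listener, connector = self.client, self.server
        else:
            listener, connector = self.server, self.client
        return listener, int(listen_port), connector, dest_host, int(dest_port)

def trace(forwards, host, port, max_hops=8):
    """Follow a connection to host:port through the forwards; return (host, port, hops)."""
    hops = 0
    while hops < max_hops:
        for fwd in forwards:
            listener, lport, connector, dhost, dport = fwd.endpoints()
            if (listener, lport) == (host, port):
                # A loopback destination is resolved on the connecting side.
                host = connector if dhost in ("127.0.0.1", "localhost") else dhost
                port = dport
                hops += 1
                break
        else:
            return host, port, hops  # no forward listens here: this is the final service
    raise RuntimeError("forwarding loop")

# Constructed from the commands quoted in the thread.
REPORTED = [Forward("R", "6900:127.0.0.1:5900", "linux", "linux"),
            Forward("L", "5900:127.0.0.1:6900", "windows", "linux")]
SWAPPED = [Forward("L", "6900:127.0.0.1:5900", "linux", "linux"), REPORTED[1]]
SUGGESTED = [Forward("L", "5900:127.0.0.1:5900", "windows", "linux")]

if __name__ == "__main__":
    for name, fwds in (("reported", REPORTED), ("swapped", SWAPPED), ("suggested", SUGGESTED)):
        print(name, trace(fwds, "windows", 5900))
```

All three setups end at port 5900 on the Linux host; the first two take two hops, the suggested one takes a single hop. Where a server should accept only one direction, sshd_config's AllowTcpForwarding option takes the values local or remote.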
bugzilla-daemon at mindrot.org
2023-Oct-11 07:44 UTC
[Bug 3333] Both Local Port forwarding and Remote port forwarding at openSSH working is not a right case, if SSH Client is on Remote port forwarding
https://bugzilla.mindrot.org/show_bug.cgi?id=3333
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing for lack of followup