openssh unix dev - Nov 2005 - Can't get LocalForward to work when using ControlPath

Hello All--

First, thanks for ControlPath/ControlMaster.  It's very handy, and
ControlMaster=autoask is just what i wanted!

I'm having difficulty with a common use case, however.  I want to
LocalForward on secondary connections using an already-established
ControlPath.  From what i can tell, the second ssh connection doesn't
report any errors, but silently ignores the supplied LocalForward
arguments.

Is this an expected behavior?  from man ssh_config(5), i see that:

     X11 and ssh-agent(1) forwarding is supported over these
     multiplexed connections, however the display and agent fowarded
     will be the one belonging to the master connection i.e. it is not
     possible to forward multiple displays or agents.

But i couldn't find any reference to whether LocalForward (or for that
matter, RemoteForward or DynamicForward) should work or not work with
multiplexed connections.




For my purposes, it would be fine if the master connection opened the
new forwarded port, instead of the secondary connection, as long as
the secondary one could initiate the forwarding.  I'd like for the
secondary to be able to tear it down when it's done too, of course,
but i could do without that for now.

Here's an example of an attempt which appears to fail for me, with a
bit of debugging verbosity thrown in:

("5th" is a host with an IMAP server answering on the loopack address)

[dkg at squeak ~]$ ssh -Nf -MS ~/.ssh/controls/fubar -L 9999:localhost:143 5th
true
[dkg at squeak ~]$ ssh -vvv -Nf -S ~/.ssh/controls/fubar -L 8888:localhost:143
5th true
OpenSSH_4.2p1 Debian-5.dkg0, OpenSSL 0.9.8a 11 Oct 2005
debug1: Reading configuration data /home/dkg/.ssh/config
debug1: Applying options for 5th
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: auto-mux: Trying existing master
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug3: ssh_msg_send: type 1
debug3: ssh_msg_recv entering
debug2: Received exit status from master 0
debug2: Received EOF from master
[dkg at squeak ~]$ nmap -p 8888,9999 localhost

Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-11-11 00:04 EST
Interesting ports on localhost.localdomain (127.0.0.1):
PORT     STATE  SERVICE
8888/tcp closed sun-answerbook
9999/tcp open   abyss

Nmap finished: 1 IP address (1 host up) scanned in 0.141 seconds
[dkg at squeak ~]$ 

As you can see, the initial LocalForward (over localhost port 9999)
works just fine, but the second attempted connection (port 8888) never
happens and just mysteriously goes away without complaint.

Any suggestions or insight you have would be appreciated.


As you can see, i'm using a slightly-modified debian openssh 4.2p1-5
(only ./configure flags were changed to include opensc support) on a
debian etch/sid system.  If this works on other platforms or with
other build options, i'd be happy to hear about it.

Thanks again for this great tool,

	--dkg

On Fri, 11 Nov 2005, Daniel Kahn Gillmor wrote:
> Hello All--
>
> First, thanks for ControlPath/ControlMaster.  It's very handy, and
> ControlMaster=autoask is just what i wanted!
>
> I'm having difficulty with a common use case, however.  I want to
> LocalForward on secondary connections using an already-established
> ControlPath.  From what i can tell, the second ssh connection doesn't
> report any errors, but silently ignores the supplied LocalForward
> arguments.
Passing additional forwarding requests from multiplexing slaves through to 
the master has not been implemented yet, but I plan to soon. IIRC someone 
posted patches to this list or bugzilla, but they needed a little more 
work.

It is uncertain whether this will be in the 4.3 release, more likely to be 
the 4.4 timeframe (~6 months). There will be patches available on this 
list or in bugzilla beforehand though if you would like to test.

-d