[Bug 3118] New: ProxyCommand and ProxyJump not works with openssh-server-8.1p1-1.el7.x86_64

bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 11 23:48:26 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3118

            Bug ID: 3118
           Summary: ProxyCommand and ProxyJump not works with
                    openssh-server-8.1p1-1.el7.x86_64
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: security
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: henzhang at aligntech.com

Hi Team,

   To remediate some vulnerabilities, I have upgraded ssh from 7.4 to
8.1p1 on the bastion, "CentOS Linux release 7.7.1908 (Core)".

   After that we can't use ProxyCommand/ProxyJump with the target server. We
tried the following actions:

   1. With the default 7.4:
   ssh to the target instance with ProxyCommand works well.

Host prd-bastion_host
    User centos
    IdentityFile ~/.ssh/Admins.pem
    Hostname xxx.xxx.xxx.xxx
    Port 22

Host 10.244.152.103
    User centos
    IdentityFile ~/.ssh/Admins.pem
    ProxyJump prd-bastion_host

   2. With the bastion ssh upgraded to 8.1:

ssh 10.244.152.103 returns a failure.

   3. With the bastion and target instance ssh both upgraded to 8.1,
it still returns a failure:

debug1: Authentication succeeded (publickey).
Authenticated to X.X.X.X ([X.X.X.X]:22).
debug3: ssh_init_stdio_forwarding: 10.244.152.103,:22
debug1: channel_connect_stdio_fwd 10.244.152.103,:22
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug1: Requesting no-more-sessions at openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com
want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/centos/.ssh/authorized_keys:4: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /home/centos/.ssh/authorized_keys:4: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 92
channel 0: open failed: connect failed: open failed
debug2: channel_input_open_failure: channel 0: callback start
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

