[Bug 3118] New: ProxyCommand and ProxyJump not works with openssh-server-8.1p1-1.el7.x86_64
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 11 23:48:26 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3118
Bug ID: 3118
Summary: ProxyCommand and ProxyJump not works with
openssh-server-8.1p1-1.el7.x86_64
Product: Portable OpenSSH
Version: 8.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: security
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: henzhang at aligntech.com
Hi Team,
For some remediate vulnerabilities, I have upgrade ssh from 7.4 to
8.1p1
on bastion "CentOS Linux release 7.7.1908 (Core)"
After that we can't use ProxyCommand/ProxyJump with target server. We
tried the following action:
1.with default 7.4
ssh to target instance with proxycommand, it works well.
Host prd-bastion_host
User centos
IdentityFile ~/.ssh/Admins.pem
Hostname xxx.xxx.xxx.xxx
Port 22
Host 10.244.152.103
User centos
IdentityFile ~/.ssh/Admins.pem
ProxyJump prd-bastion_host
2.with upgrade bastion ssh to 8.1
ssh 10.244.152.103, return failed.
3.with upgrade bastion and target instance ssh to 8.1
still return failed:
debug1: Authentication succeeded (publickey).
Authenticated to X.X.X.X ([X.X.X.X]:22).
debug3: ssh_init_stdio_forwarding: 10.244.152.103,:22
debug1: channel_connect_stdio_fwd 10.244.152.103,:22
debug1: channel 0: new [stdio-forward]
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: getpeername failed: Bad file descriptor
debug3: send packet: type 90
debug2: fd 3 setting TCP_NODELAY
debug3: ssh_packet_set_tos: set IP_TOS 0x48
debug1: Requesting no-more-sessions at openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com
want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/centos/.ssh/authorized_keys:4: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 4
debug1: Remote: /home/centos/.ssh/authorized_keys:4: key options:
agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 92
channel 0: open failed: connect failed: open failed
debug2: channel_input_open_failure: channel 0: callback start
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list