[Bug 3499] New: Bad forwarding specification w. -R port
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Nov 8 12:20:34 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3499
Bug ID: 3499
Summary: Bad forwarding specification w. -R port
Product: Portable OpenSSH
Version: 9.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: beryllium at shaddybaddah.name
General warning. As this seemed too obvious an issue to be (assumed)
long standing, I tried to search for bugs, including resolved/closed,
that match what I am about to report.
I couldn't find any... but I also lack confidence that the
search(/advanced search) isn't injecting keywords into filters, in an
effort to "help", and is diluting the search.
What I am reporting is pretty straight forward. I am trying to use the
*working* binding of a remote port, to a socks proxy through the ssh
client application.
But I am trying to do so using the ~C - Open command line, analogous to
command line invocation arguments, and in accordance with the ssh
manual page. Doing so, I am encountering the error: Bad forwarding
specification.
Below is my best effort at demonstrating the issue.
## Demonstrating that port 13579 isn't initially bound, and is
functional
<< $ nc -v localhost 13579
<< nc: connect to localhost (127.0.0.1) port 13579 (tcp) failed:
Connection refused
# bind it in another session, and connect it in the original
>> $ nc -v -l localhost 13579
>> Listening on localhost 13579
<< $ nc -v localhost 13579
<< Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
>. $ nc -v -l localhost 13579
>. Listening on localhost 13579
>> Connection received on localhost 60858
## Now demonstrate working command line invocation -R port
>> $ ssh -F /dev/null -R 13579 localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1 (2022-06-09) x86_64
>> ..
>> $
<. Connection to localhost (127.0.0.1) 13579 port [tcp/*] succeeded!
<. ^C
<< $ nc -v -X 5 -x localhost:13579 www.google.com 80
<< Connection to www.google.com 80 port [tcp/http] succeeded!
<< GET / HTTP/1.0
<<
<< HTTP/1.0 200 OK
<< ...
## Now demonstrate the ~C - Open command line error
# first confirm port 13579 has been unbound
<< $ exit
<< logout
<< Connection to localhost closed.
<< $
>. ^C
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused
# now remove -R from ssh invocation, and demonstrate
>> $ ssh -F /dev/null localhost
>> Linux tordnim-debian 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1 (2022-06-09) x86_64
>> ..
>> $
>> ssh> -R 13579
>> Bad forwarding specification.
# unnecessary, but confirm port 13579 still unbound
>> $ nc -v -X 5 -x localhost:13579 www.google.com 80
>> nc: connect to localhost port 13579 (tcp) failed: Connection refused
According to the ssh manual page, this form of forwarding specification
is allowable.
~C section:
## ~C Open command line. Currently this allows the addition
of port
## forwardings using the -L, -R and -D options (see
above). It also
-R section:
## -R [bind_address:]port:host:hostport
## -R [bind_address:]port:local_socket
## -R remote_socket:host:hostport
## -R remote_socket:local_socket
#* -R [bind_address:]port
## Specifies that connections to the given TCP port or
Unix socket
## on the remote (server) host are to be forwarded to the
local
## side.
## ...
#* hostport, or local_socket, or, if no explicit
destination was
#* specified, ssh will act as a SOCKS 4/5 proxy and
forward connec‐
#* tions to the destinations requested by the remote SOCKS
client.
Accordingly, I feel that encountering a "Bad forwarding specification."
error is a defect.
Though as per my preamble.. I rather suspect this is a "considered"
omission, with some rationale.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list