[Bug 3582] New: Confusing error message when using ProxyJump

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jun 22 06:13:50 AEST 2023 

https://bugzilla.mindrot.org/show_bug.cgi?id=3582

            Bug ID: 3582
           Summary: Confusing error message when using ProxyJump
           Product: Portable OpenSSH
           Version: 9.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bluebird090909 at proton.me

When connecting to a host through a ssh jumpserver using the ProxyJump
option, error messages returned from the jumpserver are incomplete and
confusing


Example 1: (Connecting to an invalid host name)

When connecting directly, the error message is clear:

ssh: Could not resolve hostname invalid.tdl: Name or service not known


But when using a jumpserver:

channel 0: open failed: connect failed: Name or service not known
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535



Example 2: (sshd not running)

Error message without Proxy:

ssh: connect to host example.tdl port 22: Connection refused


Error message with Proxy:

ssh example.tdl
channel 0: open failed: connect failed: Connection refused
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535


Note that the error message is omitting the host and port that refused
the connection.


Ideally, ssh would return the original error message to allow easier
debugging.

The message could show clearly its coming from the jumpserver like
this:

ssh: [jumpserver.tdl REPORTS:] Could not resolve hostname invalid.tdl:
Name or service not known

The additional information like:

stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

should only be shown when using -v since it is usually not helpful to
locate the root of the issue.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list