[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)

bugzilla-daemon at mindrot.org
Mon May 15 19:56:57 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3017

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #6 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Wiebe Cazemier from comment #4)
> Created attachment 3435 [details]
> ssh -vvv output
> 
> Debug trace with ExitOnForwardFailure=yes that still logs in.

What's happening is that ssh is successfully listening on either the v4
or v6 address for localhost.  Since it did in fact successfully listen
it considers it to have succeeded.  I can reproduce the same behaviour
by deliberately busying out one or the other:

$ nc -4 -l 1234 &
$ ssh -vvv -o exitonforwardfailure=yes -L 1234:127.0.0.1:1234 localhost

$ sudo lsof -n -i :1234
COMMAND    PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
nc      465379 dtucker    3u  IPv4 4443587      0t0  TCP *:1234 (LISTEN)
ssh     465656 dtucker    4u  IPv6 4470895      0t0  TCP [::1]:1234 (LISTEN)

If you specify the address it'll only try that one and fail if it's
busy:

$ ssh -vvv -o exitonforwardfailure=yes -L 127.0.0.1:1234:127.0.0.1:1234 localhost
[...]
bind [127.0.0.1]:1234: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 1234
Could not request local forwarding

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
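
Added example (not part of the original message and not OpenSSH code): a pre-flight check in Python for the behaviour described in the comment above. It probes 127.0.0.1 and ::1 separately, so a -L forward given without a bind address is not started while another process already holds one of the two loopback addresses. The function names and the example port 1234 are assumptions made for illustration.

```python
import errno
import socket

# The two addresses a forward to "localhost" may end up listening on.
LOOPBACKS = ((socket.AF_INET, "127.0.0.1"), (socket.AF_INET6, "::1"))


def probe_loopback(port):
    """Try to bind each loopback address on `port`.

    Returns {address: "free" | "busy" | "unavailable"}.
    SO_REUSEADDR is deliberately not set, so a port with connections still
    in TIME_WAIT is also reported as busy (the conservative answer).
    """
    status = {}
    for family, addr in LOOPBACKS:
        try:
            sock = socket.socket(family, socket.SOCK_STREAM)
        except OSError:
            status[addr] = "unavailable"  # address family not supported
            continue
        try:
            sock.bind((addr, port))
            status[addr] = "free"
        except OSError as exc:
            # EADDRINUSE: someone else holds it; anything else (for example
            # EADDRNOTAVAIL with IPv6 disabled) means the address is absent.
            status[addr] = "busy" if exc.errno == errno.EADDRINUSE else "unavailable"
        finally:
            sock.close()
    return status


def one_listener_is_enough(status):
    """The outcome described in the comment: any successful bind counts."""
    return "free" in status.values()


def safe_to_forward(status):
    """Stricter policy: no loopback address on this port is held elsewhere."""
    return "busy" not in status.values() and "free" in status.values()


if __name__ == "__main__":
    result = probe_loopback(1234)  # example port taken from the commands above
    print(result, "safe" if safe_to_forward(result) else "do not forward")
```

When safe_to_forward() returns False, clients that connect to "localhost" and resolve to the busy address family would reach the other process rather than the tunnel; giving the bind address explicitly, as in the second ssh command above, makes ssh fail instead.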