[Bug 3017] ExitOnForwardFailure=yes doesn't work for local forwards (-L)
bugzilla-daemon at mindrot.org
Mon May 15 19:56:57 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3017
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #6 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Wiebe Cazemier from comment #4)
> Created attachment 3435 [details]
> ssh -vvv output
>
> Debug trace with ExitOnForwardFailure=yes that still logs in.
What's happening is that ssh is successfully listening on either the v4
or v6 address for localhost. Since it did in fact successfully listen
it considers it to have succeeded. I can reproduce the same behaviour
by deliberately busying out one or the other:
$ nc -4 -l 1234 &
$ ssh -vvv -o exitonforwardfailure=yes -L 1234:127.0.0.1:1234 localhost
$ sudo lsof -n -i :1234
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nc 465379 dtucker 3u IPv4 4443587 0t0 TCP *:1234 (LISTEN)
ssh 465656 dtucker 4u IPv6 4470895 0t0 TCP [::1]:1234 (LISTEN)
If you specify the address it'll only try that one and fail if it's
busy:
$ ssh -vvv -o exitonforwardfailure=yes -L 127.0.0.1:1234:127.0.0.1:1234 localhost
[...]
bind [127.0.0.1]:1234: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 1234
Could not request local forwarding
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
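
Added example, not part of the original comment and not OpenSSH code: a Python pre-flight check that models the behaviour described in comment #6, where a listener on one loopback address counts as success even though the other address is busy. The function names, and the assumption that localhost maps to 127.0.0.1 and ::1, are illustrative.

```python
import socket

# Assumption: "localhost" resolves to these two loopback addresses.
LOOPBACKS = ("127.0.0.1", "::1")


def probe_listen(port, addresses=LOOPBACKS):
    """Try to bind and listen on each address; map address -> None (free) or error text."""
    results = {}
    for addr in addresses:
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.bind((addr, port))
                s.listen(1)
            results[addr] = None
        except OSError as exc:  # busy port, or address family unavailable
            results[addr] = exc.strerror or str(exc)
    return results


def any_listener(results):
    """Rule described in the comment: one successful listener is treated as success."""
    return any(err is None for err in results.values())


def all_listeners(results):
    """Stricter pre-flight rule: every loopback address must be free."""
    return all(err is None for err in results.values())


def demo():
    """Constructed scenario: occupy only the IPv4 loopback, then probe both families."""
    blocker = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    blocker.bind(("127.0.0.1", 0))  # port 0: kernel picks a free port
    blocker.listen(1)
    port = blocker.getsockname()[1]
    try:
        return port, probe_listen(port)
    finally:
        blocker.close()


if __name__ == "__main__":
    port, results = demo()
    for addr, err in results.items():
        print(f"{addr}:{port} -> {'free' if err is None else err}")
    print("any-address rule passes:", any_listener(results))
    print("all-address rule passes:", all_listeners(results))
```

Running the all-address rule before starting ssh catches the partial-bind case; naming the bind address in -L, as the comment shows, avoids it.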