[Bug 3610] New: Using ControlPath and the -J option
bugzilla-daemon at mindrot.org
Fri Sep 1 03:30:46 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3610
Bug ID: 3610
Summary: Using ControlPath and the -J option
Product: Portable OpenSSH
Version: 8.9p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mathieu.pousse at cloud-iam.com
Hi there,
I'm wondering if `ssh` properly supports the `-J` option to jump
through a bastion together with the `ControlMaster` settings to reuse an
existing connection.
When I try to sequentially access two hosts with the same internal IP
(10.0.1.2) that are behind different bastions (bastion-1 and
bastion-2), ssh wrongly re-uses the socket because it is "bound" to the
private IP (10.0.1.2) and does not include any reference to the
bastion's IP:
```
$ ssh -o ControlPersist=60s -o ControlMaster=auto \
      -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no \
      ubuntu@10.0.1.2 -p 666 -J bastion@bastion-1:666 hostname
hostname-beyond-bastion-1
$ ssh -o ControlPersist=60s -o ControlMaster=auto \
      -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no \
      ubuntu@10.0.1.2 -p 666 -J bastion@bastion-2:666 hostname
hostname-beyond-bastion-1
$ ls /tmp/.ssh/control*
/tmp/.ssh/control-10.0.1.2-666-ubuntu
```
I have double-checked but did not find anything to add to the
ControlPath to refer to the bastion IP.
I'm wondering if this is a known limitation or a bug / enhancement.
So far, my understanding is that the ControlMaster should not be used
when using the jumps.
Thanks in advance
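The collision described in the report, modelled as an added example (not part of the original message and not OpenSSH code): it expands the `ControlPath` template for each planned session and flags socket paths that would be shared by sessions routed through different jump hosts. The function names, the session dictionaries and the per-bastion literal prefix used as a workaround are assumptions made for this illustration; only the `%h`, `%p` and `%r` tokens from the report are modelled.

```python
import re
from collections import defaultdict

def expand_control_path(template, host, port, user):
    """Expand only the tokens the report uses: %h, %p, %r (plus %%)."""
    tokens = {"h": host, "p": str(port), "r": user, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i])
            i += 1
            continue
        key = template[i + 1:i + 2]
        if key not in tokens:
            raise ValueError(f"unsupported token %{key} at offset {i}")
        out.append(tokens[key])
        i += 2
    return "".join(out)

def find_socket_collisions(sessions):
    """Return {socket path: jump hosts} for paths reached via more than one route."""
    routes = defaultdict(set)
    for s in sessions:
        path = expand_control_path(s["control_path"], s["host"], s["port"], s["user"])
        routes[path].add(s["jump"])
    return {p: sorted(j) for p, j in routes.items() if len(j) > 1}

def with_jump_label(sessions):
    """Hypothetical workaround: prefix the socket file name with a literal
    label derived from the -J argument, so each bastion gets its own socket."""
    labelled = []
    for s in sessions:
        label = re.sub(r"[^A-Za-z0-9.-]", "_", s["jump"])
        head, sep, tail = s["control_path"].rpartition("/")
        labelled.append({**s, "control_path": f"{head}{sep}{label}-{tail}"})
    return labelled

# Constructed from the two commands in the report.
SHARED = "/tmp/.ssh/control-%h-%p-%r"
REPORTED = [
    {"host": "10.0.1.2", "port": 666, "user": "ubuntu",
     "jump": "bastion@bastion-1:666", "control_path": SHARED},
    {"host": "10.0.1.2", "port": 666, "user": "ubuntu",
     "jump": "bastion@bastion-2:666", "control_path": SHARED},
]

if __name__ == "__main__":
    print("as reported:", find_socket_collisions(REPORTED))
    print("with per-bastion label:", find_socket_collisions(with_jump_label(REPORTED)))
```
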