[Bug 3610] New: Using ControlPath and the -J option

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Sep 1 03:30:46 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3610

            Bug ID: 3610
           Summary: Using ControlPath and the -J option
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mathieu.pousse at cloud-iam.com

Hi there,

I'm wondering if `ssh` does properly support the `-J` option to jump
through a bastion and the `ControlMaster` settings to reuse an existing
connection.

When I try to sequentially access two hosts with the same internal IP
(10.0.1.2) that are behind different bastions (bastion-1 and
bastion-2), ssh is wrongly re-using the socket because it is "bound" to
the private IP (10.0.1.2) and it does not include any reference to the
bastion's IP:

```
$ ssh -o ControlPersist=60s -o ControlMaster=auto \
      -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no \
      ubuntu@10.0.1.2 -p 666 -J bastion@bastion-1:666 hostname
hostname-beyond-bastion-1

$ ssh -o ControlPersist=60s -o ControlMaster=auto \
      -o ControlPath=/tmp/.ssh/control-%h-%p-%r -o StrictHostKeyChecking=no \
      ubuntu@10.0.1.2 -p 666 -J bastion@bastion-2:666 hostname
hostname-beyond-bastion-1

$ ls /tmp/.ssh/control*
/tmp/.ssh/control-10.0.1.2-666-ubuntu
```

I have double-checked but did not find anything to add in the
ControlPath to refer to the bastion IP.

I'm wondering if this is a known limitation or a bug / enhancement.

So far, my understanding is that the ControlMaster should not be used
when using jumps.

Thanks in advance
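
The collision described in the report, and one way to give each jump chain its own control socket, as an added example that is not part of the original report and is not OpenSSH code. The names `CTL_DIR`, `naive_path`, `jump_tag`, `jump_aware_path` and `ssh_via`, and the directory `~/.ssh/ctl`, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: key the ControlPath on the jump chain as well as the target.
# All function and variable names here are hypothetical.

CTL_DIR="${CTL_DIR:-$HOME/.ssh/ctl}"   # assumed location: a private directory

# Path that the report's template control-%h-%p-%r yields (host, port, user).
naive_path() {        # naive_path HOST PORT USER
    printf '%s/control-%s-%s-%s\n' "$CTL_DIR" "$1" "$2" "$3"
}

# Short fixed-length tag for a -J spec ("user@host:port[,hop2...]").
# Hashing keeps '@', ':' and ',' out of the file name and keeps the path
# short enough for the Unix-domain socket path length limit.
jump_tag() {          # jump_tag JUMPSPEC
    printf '%s' "$1" | sha256sum | cut -c1-16
}

# Same template with the jump tag added, so each bastion gets its own socket.
jump_aware_path() {   # jump_aware_path JUMPSPEC HOST PORT USER
    printf '%s/control-%s-%s-%s-%s\n' \
        "$CTL_DIR" "$(jump_tag "$1")" "$2" "$3" "$4"
}

# Wrapper: ssh_via JUMPSPEC [ssh args...]; ssh still expands %h, %p and %r.
ssh_via() {
    jump=$1; shift
    mkdir -p "$CTL_DIR" && chmod 700 "$CTL_DIR" || return 1
    ssh -o ControlMaster=auto -o ControlPersist=60s \
        -o "ControlPath=$CTL_DIR/control-$(jump_tag "$jump")-%h-%p-%r" \
        -J "$jump" "$@"
}

# Constructed demonstration with the addresses from the report (no network I/O):
# the naive path is identical for both bastions, the jump-aware one is not.
demo() {
    for j in bastion@bastion-1:666 bastion@bastion-2:666; do
        echo "$j naive: $(naive_path 10.0.1.2 666 ubuntu)"
        echo "$j aware: $(jump_aware_path "$j" 10.0.1.2 666 ubuntu)"
    done
}
demo
```

With the wrapper, `ssh_via bastion@bastion-2:666 -p 666 ubuntu@10.0.1.2 hostname` cannot attach to a master that was opened through bastion-1, because the two jump specs map to different socket names.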
