[Bug 3907] New: Control proxy mode doesn't support TCP or Unix domain socket forwarding
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Dec 29 18:47:18 AEDT 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3907
Bug ID: 3907
Summary: Control proxy mode doesn't support TCP or Unix domain
socket forwarding
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: ding at diinngg.com
This is a follow-up to this mailing list thread:
https://marc.info/?t=176634596800001
After connecting a client to a control socket in proxy mode both TCP
and Unix domain socket forwarding do not work.
TCP forwarding looks to be partially implemented, but the control
master doesn't forward the response to the "tcpip-forward" global
request downstream (meaning using port 0 doesn't work), and
"cancel-tcpip-forward" isn't implemented. When running
ssh -oControlPath=<...> -Oproxy -R<port>:127.0.0.1:<port> -N <host>
the forwarding works correctly, but
ssh -oControlPath=<...> -Oproxy -R0:127.0.0.1:<port> -N <host>
does not show the assigned remote port in the log. Finding the port
manually on the server and writing to it results in the control master
process logging
WARNING: Server requests forwarding for unknown listen_port <...>
Unix domain socket forwarding doesn't look to be implemented at all.
Running
ssh -oControlPath=<...> -Oproxy -R<path>:127.0.0.1:<port> -N <host>
results in the control master process logging
channel_proxy_downstream: unsupported request
streamlocal-forward at openssh.com
The comment at
https://github.com/openssh/openssh-portable/blob/b652322cdc5e94f059b37a8fb87e44ccb1cdff33/channels.c#L3169
seems to suggest that both should work, and it would be useful if they
did.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list