tcpip-forward with port 0 and 'want reply'

Damien Miller djm at
Thu Apr 20 18:00:54 EST 2006

On Wed, 19 Apr 2006, William Ahern wrote:

> However, it doesn't seem like OpenSSH supports this. If you request a port
> of zero, the code never 1) returns or 2) listens for the allocated port,
> even though 'want reply' is _always_ TRUE.

No, we don't support this presently. There is a patch in bugzilla but
the last time I looked it required a bit more work.

> In the process I've run into trouble w/ ForwardPermissions. I suspect
> there's a bug in the SSH 2.0 support since it doesn't keep track of
> listening hostnames, only the port. Again, there's a silent collision and
> either the permissions are too strict or too loose.

Yes, permitopen doesn't support specification of a bind_address 
presently. It should "fail closed" on ambiguous matches though, so why
do you say the permissions are too loose?


More information about the openssh-unix-dev mailing list