Possible ssh -D bug in 5.8p1 (on Gentoo Linux)
Damien Miller
djm at mindrot.org
Tue Feb 8 07:57:55 EST 2011
On Mon, 7 Feb 2011, Brother Railgun of Reason wrote:
> On Fri, Feb 04, 2011 at 12:26:08PM +1100, Damien Miller wrote:
> > OpenSSH 5.8 has just been released. It will be available from the
> > mirrors listed at http://www.openssh.com/ shortly.
>
> I seem to have found a bug in 5.8p1.
>
> I work remotely, and use three SSH tunnels, two of the form ssh -L
> port:host:destport -f -N -q -l remoteuser remotehost, and one of the
> form ssh -D port -f -C -q -N -l remoteuser remotehost, the latter a web
> tunnel that I may access any of several web hosts through. When I
> upgraded to OpenSSH 5.8p1 this morning, the ssh -D tunnel ceased to
> work; it would connect correctly, then stop responding within 30 seconds
> to a minute, and the ssh process would not die on a SIGTERM, requiring a
> SIGKILL. When I backed out to 5.7p1 and restarted my tunnels again, the
> ssh -D tunnel worked again. The two ssh -L tunnels continued to work
> normally.
That's pretty unlikely, because there was no channels or forwarding-
related code changed between 5.7 and 5.8. If you aren't using SELinux,
the substantive diff is literally one line in the key certification code.
-d
More information about the openssh-unix-dev
mailing list