Possible ssh -D bug in 5.8p1 (on Gentoo Linux)

Damien Miller djm at mindrot.org
Tue Feb 8 07:57:55 EST 2011


On Mon, 7 Feb 2011, Brother Railgun of Reason wrote:

> On Fri, Feb 04, 2011 at 12:26:08PM +1100, Damien Miller wrote:
> > OpenSSH 5.8 has just been released. It will be available from the
> > mirrors listed at http://www.openssh.com/ shortly.
> 
> I seem to have found a bug in 5.8p1.
> 
> I work remotely, and use three SSH tunnels, two of the form ssh -L 
> port:host:destport -f -N -q -l remoteuser remotehost, and one of the 
> form ssh -D port -f -C -q -N -l remoteuser remotehost, the latter a web 
> tunnel that I may access any of several web hosts through.  When I 
> upgraded to OpenSSH 5.8p1 this morning, the ssh -D tunnel ceased to 
> work; it would connect correctly, then stop responding within 30 seconds 
> to a minute, and the ssh process would not die on a SIGTERM, requiring a 
> SIGKILL.  When I backed out to 5.7p1 and restarted my tunnels again, the 
> ssh -D tunnel worked again.  The two ssh -L tunnels continued to work 
> normally.

That's pretty unlikely, because there was no channels or forwarding-
related code changed between 5.7 and 5.8. If you aren't using SELinux,
the substantive diff is literally one line in the key certification code.

-d


More information about the openssh-unix-dev mailing list