Possible ssh -D bug in 5.8p1 (on Gentoo Linux)
Mansour Moufid
mansourmoufid at gmail.com
Tue Feb 8 23:30:30 EST 2011
On Tue, Feb 8, 2011 at 6:47 AM, Brother Railgun of Reason
<alaric at caerllewys.net> wrote:
> On Tue, Feb 08, 2011 at 07:57:55AM +1100, Damien Miller wrote:
>> On Mon, 7 Feb 2011, Brother Railgun of Reason wrote:
>> > I seem to have found a bug in 5.8p1.
>> >
>> > I work remotely, and use three SSH tunnels, two of the form ssh -L
>> > port:host:destport -f -N -q -l remoteuser remotehost, and one of the
>> > form ssh -D port -f -C -q -N -l remoteuser remotehost, the latter a web
>> > tunnel that I may access any of several web hosts through. When I
>> > upgraded to OpenSSH 5.8p1 this morning, the ssh -D tunnel ceased to
>> > work; it would connect correctly, then stop responding within 30 seconds
>> > to a minute, and the ssh process would not die on a SIGTERM, requiring a
>> > SIGKILL. When I backed out to 5.7p1 and restarted my tunnels again, the
>> > ssh -D tunnel worked again. The two ssh -L tunnels continued to work
>> > normally.
>>
>> That's pretty unlikely, because there was no channels or forwarding-
>> related code changed between 5.7 and 5.8. If you aren't using SELinux,
>> the substantive diff is literally one line in the key certification code.
>
> Nevertheless, I have one tunnel, set up in a specific way different from
> my other two, that worked under 5.6 and 5.7, stops working when I
> upgrade to 5.8, and works again as soon as I downgrade back to 5.7.
>
> I'm filing a bug report with Gentoo in case it was introduced there.
Perhaps. The HPN patch in Portage was switched to on by default
between 5.7 and 5.8 (see [1,2,3]). Try setting the -hpn USE flag
explicitly and see if the problem persists.
Sharing this here so more knowledgeable people could comment on [3].
[1] <http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-misc/openssh/ChangeLog?view=markup>
[2] <https://bugs.gentoo.org/show_bug.cgi?id=347193>
[3] <http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-misc/openssh/files/openssh-5.8_p1-x509-hpn-glue.patch?revision=1.1&view=markup>
More information about the openssh-unix-dev
mailing list