PuTTY: Forwarded connection refused by server: Administratively prohibited [open failed]

Kyle J. McKay mackyle at gmail.com
Wed Jan 15 23:04:24 EST 2014


On January 12, 2014 03:39:39 PST, Damien Miller wrote:
>> * during the time where any web-page is in the process of timing out
>> (which, as mentioned, takes many seconds), the terminal is stalling,
>> too; basically, the terminal is just about entirely unusable -- the
>> stalls persist for dozens of seconds at a time; remove dynamic port
>> forwarding, wait for the timeouts to expire, and the terminal stalls
>> no more, not even a little bit
>
> Yes, OpenSSH uses the standard libc resolver to perform name
> resolution. This is synchronous and blocking, so no other traffic
> is processed while one is in progress.
>
> Fixing this would require an asynchronous resolver. It's probably
> worth doing, but we'd need to select one and integrate it with the
> channels code. Depending on the resolver, this could be a little
> or a lot of work.

I suggest looking at c-ares (http://c-ares.haxx.se/) which seems to  
have a compatible license and is one of the resolver options for both  
curl and wireshark.  There's a working source code example at [1].

Kyle

[1] http://stackoverflow.com/questions/4854284/how-do-i-resolve-an-ip-into-host-using-c-ares



More information about the openssh-unix-dev mailing list