You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Thomas Wolf (Jira)" <ji...@apache.org> on 2022/06/15 17:21:00 UTC

[jira] [Commented] (SSHD-1269) TCP/IP remote port forwarding with wildcard IP addresses doesn't work with OpenSSH

    [ https://issues.apache.org/jira/browse/SSHD-1269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17554721#comment-17554721 ] 

Thomas Wolf commented on SSHD-1269:
-----------------------------------

Actually, this was reported on  the {{users@mina.apache.org}} mailing list [on 2021-08-16|https://www.mail-archive.com/users@mina.apache.org/msg06868.html]: it worked in 2.5.1, but fails as of 2.6.0.

It got broken in [commit 1498b762d|https://github.com/apache/mina-sshd/commit/1498b762d#diff-6f999a013dbc6cc350fa3891992d628b969215c980295f162bb53931232f5b4bR108]: before, it would indeed send back the original hostname + bound port; since then it returns the bound hostname + bound port, which fails.

> TCP/IP remote port forwarding with wildcard IP addresses doesn't work with OpenSSH
> ----------------------------------------------------------------------------------
>
>                 Key: SSHD-1269
>                 URL: https://issues.apache.org/jira/browse/SSHD-1269
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 2.8.0
>            Reporter: Thomas Wolf
>            Priority: Major
>
> Looks like a recurrence of SSHD-792.
> To reproduce, take the {{Sshd1055Test}} from [PR 227|https://github.com/apache/mina-sshd/pull/227]. That one uses OpenSSH 9.0 to set up a remote port forwarding on an Apache MINA sshd server using
> {code}
> ssh ... -R 127.0.0.1:0:someHost:somePort ...
> {code}
> That works. The server chooses a port A, and a client connecting to 127.0.0.1:A is forwarded to someHost:somePort.
> Now change that test to use either {{-R 0.0.0.0:0:someHost:somePort}} or {{-R 0:someHost:somePort}}. These should work equally well.
> However, the test then fails; the OpenSSH client complains about
> {code}
> debug1: client_request_forwarded_tcpip: listen 127.0.0.1 port 56054, originator 127.0.0.1 port 56055
> WARNING: Server requests forwarding for unknown listen_port 56054
> {code}
> where 56054 is the port chosen by the server.
> This appears to be caused by the Apache MINA sshd server sending back in the "forwarded-tcpip" request the _bound_ address (127.0.0.1); but OpenSSH expects the original (0.0.0.0, or empty). Probably Apache MINA sshd should send back the original address, but with the bound port.
> (Note: this is also reproducible using OpenSSH 7.9.)



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@mina.apache.org
For additional commands, e-mail: dev-help@mina.apache.org