Bug 2444

Summary:

ExitOnForwardFailure=yes has no effect

Product:

Portable OpenSSH

Reporter:

openssh-bugzilla

Component:

ssh

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

major

CC:

djm, dtucker

Priority:

Version:

6.9p1

Hardware:

amd64

OS:

Linux

Bug Depends on:

Bug Blocks:

2451

Attachments:

Description	Flags
describe what ExitOnForwardFailure actually applies to	dtucker: ok+

Description openssh-bugzilla 2015-08-17 16:08:46 AEST

The option ExitOnForwardFailure is not working, even if the forward fails.

A port forward to another (non used) port on the local machine should cause ssh to exit with error on a connection attempt to the bound port:

Console 1:
> ssh -N -o ExitOnForwardFailure=yes -L 9999:localhost:9998 localhost

Console 2:
> telnet localhost 9999

ssh should exist with a return code != 0 but instead "channel 3: open failed: connect failed: Connection refused" is printed and the ssh process keeps running.

I used two computers to exclude a problem with my version:
Gentoo with "OpenSSH_6.9p1-hpn14v5, OpenSSL 1.0.1p 9 Jul 2015"
Debian with "OpenSSH_6.7p1 Debian-5, OpenSSL 1.0.1k 8 Jan 2015"

All combinations of both computers with local and remote forwards show that ExitOnForwardFailure=yes is ignored entirely.

Comment 1 openssh-bugzilla 2015-08-17 16:10:03 AEST

The error seems to be existing longer: http://superuser.com/questions/806875/ssh-port-forwarding-and-remote-bind-failure-exitonforwardfailure-not-working

Comment 2 Damien Miller 2015-09-04 13:39:00 AEST

Created attachment 2693 [details]
describe what ExitOnForwardFailure actually applies to

This is actually intended behaviour - the forwarding was established OK, but the destination server/port was not accepting connections.

The manual page is a bit unclear though, so that needs to be fixed.

Comment 3 Damien Miller 2016-08-02 10:40:56 AEST

Close all resolved bugs after 7.3p1 release