Bug 3017

Summary: ExitOnForwardFailure=yes doesn't work for local forwards (-L)
Product: Portable OpenSSH Reporter: Wiebe Cazemier <wiebe>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: normal CC: djm
Priority: P5    
Version: 7.6p1   
Hardware: Other   
OS: Linux   
Attachments:
Description Flags
ssh -vvv output none

Description Wiebe Cazemier 2019-05-31 21:21:27 AEST 
Logging in from an Ubuntu 18.04 machine, OpenSSH 7.6p1-4ubuntu0.3, the option ExitOnForwardFailure doesn't seem to work. I says 'bind: Address already in use' and I get a shell:

=======
halfgaar@<localmachine>: ~
$ ssh -L 8080:localhost:22 -o ExitOnForwardFailure=yes root@server.com
bind: Address already in use
Linux <remoteserver> 4.9.0-8-686-pae #1 SMP Debian 4.9.144-3 (2019-02-02) i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri May 31 12:39:27 2019 from 84.22.107.110
root@<remoteserver>: ~
#
=======

Using -f also just makes it fork.

It does work properly with reverse tunnels (-R).
Comment 1 Wiebe Cazemier 2019-05-31 21:39:38 AEST 
It does work properly from Ubuntu 16.04, Openssh 7.2p2-4ubuntu2.8:


ssh -L 22022:localhost:22 -o ExitOnForwardFailure=yes root@server.com -p 22022
bind: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 22022                                                                                                                                                                                                                 
Could not request local forwarding.
Comment 2 Wiebe Cazemier 2019-05-31 21:44:17 AEST 
Another interesting result: it started happening randomly. Apparently, it switched between ipv4 and ipv6. With -4, it works properly and fails consistently.
Comment 3 Damien Miller 2020-07-24 15:59:39 AEST 
Could you please attach a debug trace from a failing instance? "ssh -vvv ..."
Comment 4 Wiebe Cazemier 2020-07-29 17:54:02 AEST 
Created attachment 3435 [details]
ssh -vvv output

Debug trace with ExitOnForwardFailure=yes that still logs in.